S3 limit files only to certain types

I am using direct browser uploads using presigned URLs to allow file uploads. So far I am using

    $s3 = App::make('aws')->createClient('s3');

    // PutObject command for one fixed bucket and key.
    $command = $s3->getCommand('PutObject', [
        'Bucket' => 'reminderuploadstest',
        'Key' => "test.txt",
    ]);

    // Presigned URL for that command, valid for 100 minutes.
    echo (string) $s3->createPresignedRequest($command, '+100 minutes')->getUri();

I would like to know how to limit the file types that can be uploaded using this URL. I want the user to be able to upload only images (e.g. jpg, png). Is it possible for Amazon to check if it is a 'valid' image (i.e. not just the extension)? If it's not possible, what can I do to ensure the user uploads only images? It is a requirement that I upload to S3 directly and not use some online validation and then proxy it over to S3.

Is it possible for Amazon to check if it is a 'valid' image (i.e. not just the extension)?

No, it's not possible.

If it's not possible, what can I do to ensure the user uploads only images? It is a requirement that I upload to S3 directly and not use some online validation and then proxy it over to S3.

You can't. Your requirements of uploading directly to S3 and restricting user uploads based on the file contents are not compatible. One of those requirements needs to change.

If you can wait until after the file is uploaded to S3 to validate it, then you could use S3 notifications to trigger a Lambda function to validate the file. However, at that point the file will already be uploaded and the browser would think the upload had succeeded.

You can't, because S3 is a repository; there is no type validator built in.

You may throw in a frontend Java applet loader that does the loading; then it will use the user's CPU to do whatever validation and checking for you.

Nevertheless, anything in S3 is open to abuse if there is no "content-length-range" limit. A user can simply inject an image header to fool the uploader and "borrow" GBs of your S3 space. XD

And another interesting fact is, content-length-range, one of the most powerful file validators is the antivirus engine file scanner. ;-D
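The post-upload check suggested in the first answer, combined with the size limit the second answer raises, sketched as the decision logic of a handler for S3 `ObjectCreated` notifications. This is an added example, not code from either answer; `read_head`, `MAX_BYTES`, and the sample bucket, keys and objects are assumptions constructed for illustration.

```python
from urllib.parse import unquote_plus

MAX_BYTES = 5 * 1024 * 1024  # assumed ceiling, not from the page
# Leading-byte signatures for the two formats the question allows.
SIGNATURES = {"png": b"\x89PNG\r\n\x1a\n", "jpeg": b"\xff\xd8\xff"}


def sniff_image_type(head):
    """Return 'png' or 'jpeg' when the leading bytes match, else None."""
    for name, magic in SIGNATURES.items():
        if head.startswith(magic):
            return name
    return None


def review_upload_event(event, read_head):
    """Return (key, action, reason) per object in an S3 ObjectCreated event.

    read_head(bucket, key, n) is a hypothetical callable returning the first
    n bytes; in Lambda it would wrap boto3 get_object with a Range header.
    """
    verdicts = []
    for record in event.get("Records", []):
        bucket = record["s3"]["bucket"]["name"]
        # Notification keys are URL-encoded: "my photo.jpg" arrives as "my+photo.jpg".
        key = unquote_plus(record["s3"]["object"]["key"])
        size = record["s3"]["object"].get("size", 0)
        if size == 0 or size > MAX_BYTES:
            verdicts.append((key, "delete", "size"))
            continue
        kind = sniff_image_type(read_head(bucket, key, 8))
        if kind is None:
            verdicts.append((key, "delete", "not-image"))
        else:
            verdicts.append((key, "keep", kind))
    return verdicts


# Constructed objects and event so the block runs offline.
SAMPLE_STORE = {
    "cat.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
    "my photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
    "test.txt": b"hello world",
}
SAMPLE_EVENT = {"Records": [
    {"s3": {"bucket": {"name": "example-bucket"},
            "object": {"key": k.replace(" ", "+"), "size": len(v)}}}
    for k, v in SAMPLE_STORE.items()]}
```

A signature match only shows that the first bytes look like an image, which is the header trick the second answer describes; fully decoding the file in the handler is the stronger check, and the size test is what bounds storage abuse either way.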
