stackoom
  简体   繁体   中英

How can I validate data uploaded directly to S3?

 原文  2012-06-13 18:06:23       security/ amazon-s3/ amazon-web-services

Question

I have an iPhone application that uploads images directly to S3. Then it hits an endpoint on my web server and creates a new post with some metadata, along with the S3 URL for the uploaded image. All of this occurs over SSL, but what is stopping someone from reverse engineering the endpoint for creating posts and supplying a bogus URL?

1 answers

solution1
 1 ACCPTED  2012-06-14 15:42:18

No, it is not possible to really ensure that only your app can contact your server, but you can provide some kind of signature to your app, which is posted to your server via HTTPS before the real communication takes place.

Taking a look at API authentication in general is a good idea I think. This looks like a goot start: Principles for Standardized REST Authentication

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How can I validate the contents of a file with browser based S3 uploads? How can I check type of uploaded file that's security How to upload file directly to AWS S3 with AWS SDK? Uploaded images with malicious code in Amazon S3 How to enable AWS-S3-security policy for files uploaded in S3 How can I check uploaded files extension? How can I make sure I fully secured my AWS S3 Bucket? Why does MozAudioAvailable's Framebuffer throw if I embed data directly? How can I store confidential S3 information for my dev env that is shared with production? How can I validate a password via PHP?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM