Amazon S3 for downloads: how to handle security

I am building a web application and learning how to use Amazon S3 to store custom downloads.

My concern is that I do not want user A to see the download link for the document that he downloaded (urltoMyS3/doc1234.pdf), try urltoMyS3/doc1235.pdf, and get another user's document.

The only way I can do this is to allow the web application to connect to S3 and check in the web application whether the user has access to the file; the web application then downloads the file and serves it to the client. The problem with this method is that the application must first download the file, which inevitably slows down the download process for the user.

How are user files typically handled using Amazon S3? Or is it just not commonly used in a scenario where the files should not be shared? Is there another service for something like that?

thanks

+8
amazon-s3 amazon-web-services
3 answers

You can implement Query String Authentication to solve your problem.

Query string authentication is useful for providing HTTP or browser access to resources that typically require authentication. The signature in the query string protects the request. Query string authentication requests require an expiration date. You can specify any future expiration time in epoch or UNIX time (the number of seconds since January 1, 1970).

+8
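The flow this answer points to, as an added example that is not part of the original thread: the web application checks ownership, then hands out a short-lived signed URL so the browser fetches from S3 directly. It follows the legacy query-string scheme the answer describes (epoch `Expires` plus an HMAC signature); the credentials, bucket name, ownership table and function names are constructed assumptions, and `s3_would_accept` is a simplified model of the service-side check.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qs, quote, unquote, urlsplit

# Constructed sample values: placeholder credentials, bucket and ownership table.
ACCESS_KEY = "AKIAEXAMPLEKEYID0000"
SECRET_KEY = b"constructed-secret-for-illustration-only"
BUCKET = "example-downloads"
OWNERS = {"doc1234.pdf": "userA", "doc1235.pdf": "userB"}  # app-side access list

def sign_get(key, expires):
    # Legacy string-to-sign: verb, Content-MD5, Content-Type, Expires, resource.
    string_to_sign = f"GET\n\n\n{expires}\n/{BUCKET}/{quote(key)}"
    mac = hmac.new(SECRET_KEY, string_to_sign.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def download_url(user, key, ttl=300, now=None):
    """Return a short-lived signed URL, or None if the user may not read the object."""
    if OWNERS.get(key) != user:  # authorization stays in the web application
        return None
    expires = int(time.time() if now is None else now) + ttl
    signature = quote(sign_get(key, expires), safe="")
    return (f"https://{BUCKET}.s3.amazonaws.com/{quote(key)}"
            f"?AWSAccessKeyId={ACCESS_KEY}&Expires={expires}&Signature={signature}")

def s3_would_accept(url, now):
    """Simplified model of the service-side check on a signed GET."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    key = unquote(parts.path.lstrip("/"))
    expires = int(query["Expires"][0])
    fresh = now <= expires
    return fresh and hmac.compare_digest(sign_get(key, expires), query["Signature"][0])

if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed clock value
    url = download_url("userA", "doc1234.pdf", now=t0)
    print(url)
    print("own file:", s3_would_accept(url, t0 + 60))
    print("guessed neighbour:", s3_would_accept(url.replace("doc1234", "doc1235"), t0 + 60))
    print("after expiry:", s3_would_accept(url, t0 + 301))
    print("userA asks for doc1235:", download_url("userA", "doc1235.pdf", now=t0))
```

Current AWS SDKs produce the same kind of link as Signature Version 4 presigned URLs; in production, keep the bucket private and use the SDK's presign call rather than hand-rolled signing.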

If the time check will not work (as suggested in other answers), you might consider introducing something like s3fs to mount your S3 bucket as a disk on the web application server. That way, you can simply do your authentication and then transfer the file directly to the user without suspecting that the file is in S3. Similarly, you can simply upload the downloaded files directly to this s3fs mount.

S3fs also allows you to configure the local S3 directory cache on your computer for faster access.

This works well in a clustered web server environment, since you can simply connect each server to an s3fs disk and execute/read/write to it independently.

Link with additional information

0