Are the S3 URLs returned from Amazon Secure?


Aaron Saunders

Oct 27, 2011, 3:43:33 PM
to StackMob
Meaning if someone else got access to the url can they download the
file?

Taylor Leese (StackMob Engineer)

Oct 27, 2011, 7:04:08 PM
to StackMob
Aaron - S3 is secure by default so as long as a developer hasn't
modified those security settings it would be secure.

http://aws.amazon.com/s3/faqs/#How_secure_is_my_data

- Taylor


Taylor Leese (StackMob Engineer)

Oct 27, 2011, 7:28:18 PM
to StackMob
Aaron - I stand corrected. We currently configure the S3 bucket policy
to be public read and have been exploring defaulting it to secure.
However, that is still in progress.

- Taylor


Aaron Saunders

Oct 27, 2011, 9:05:04 PM
to StackMob
Can you point me to some directions on how to make it secure?

Thanks


Miles OConnell (StackMob Engineer)

Oct 27, 2011, 9:37:47 PM
to StackMob
Aaron,

S3 allows you a great deal of control over the permissions associated
with your buckets. You can refer to Amazon's own documentation for
details: http://docs.amazonwebservices.com/AmazonS3/latest/dev/

There is however one caveat, that being that when you update your S3
credentials, we will set public read on the new bucket specified.
Therefore whenever you update your s3 credentials you should ensure
that the permissions are correctly set on the bucket you reference.

-Miles


Carmen

Dec 14, 2011, 12:12:08 PM
to StackMob
I've been reading about Amazon's Token Vending Machine example
http://aws.amazon.com/code/7351543942956566
and here on uploading to S3
http://www.amazonappstoredev.com/2011/11/how-to-use-the-amazon-sdk-for-android-to-upload-photos-to-amazon-s3-.html

Can this method be integrated with StackMob? Is that something to
pursue?

Carmen


Erick

Dec 16, 2011, 4:05:23 AM
to stac...@googlegroups.com
Hi Carmen!

May you describe your use case please?

Carmen Delessio

Dec 16, 2011, 7:48:11 AM
to stac...@googlegroups.com
I would like secure files stored on S3.  
A logged in user would see only their files.

Thanks - the original thread was a question on the security of S3 blobs in database.

Miles O'Connell

Dec 16, 2011, 4:52:54 PM
to Carmen Delessio, stac...@googlegroups.com
Carmen,

We do plan to allow you to access external APIs in the future through custom code. This would allow you to access the AWS Security Token Service as in the example you shared, and therefore would allow you to mimic that example closely using our custom code.

Currently, you can secure your files to a lesser degree by disallowing public-read on your s3 bucket, and using an s3 token with read privileges to access the content directly from the phone once you've used StackMob to determine the location of your resource. In this way, the app can determine programmatically which resources a user can access. By using a separate, read-only s3 token/secret, you prevent others from deleting or overwriting your resources, even in the unlikely event that they get access to your token/secret.

Hope that helps!
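
An added example, not part of the original thread or StackMob's code: an offline check for the two conditions described in the reply above, that the bucket policy no longer grants public read and that the token shipped in the app cannot write or delete. The bucket name, account ID and policy documents are constructed; in practice the inputs would be the policy JSON of your own bucket and of the read-only credentials.

```python
import fnmatch

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, action):
    # IAM action names are case-insensitive and may contain * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))

def _is_anyone(principal):
    # "*" or {"AWS": "*"} means every caller, signed or anonymous.
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def public_read_statements(bucket_policy):
    """Labels of unconditional Allow statements that let anyone GetObject."""
    hits = []
    for i, st in enumerate(_as_list(bucket_policy.get("Statement", []))):
        if (st.get("Effect") == "Allow" and not st.get("Condition")
                and _is_anyone(st.get("Principal"))
                and _matches(st.get("Action", []), "s3:GetObject")):
            hits.append(st.get("Sid", f"statement[{i}]"))
    return hits

WRITE_PROBES = ("s3:PutObject", "s3:DeleteObject", "s3:PutObjectAcl", "s3:PutBucketPolicy")

def write_actions_allowed(token_policy):
    """Write/delete probes the token's policy allows. NotAction and Deny are
    not evaluated, so treat an empty result as necessary, not sufficient."""
    allowed = set()
    for st in _as_list(token_policy.get("Statement", [])):
        if st.get("Effect") == "Allow":
            allowed.update(a for a in WRITE_PROBES if _matches(st.get("Action", []), a))
    return sorted(allowed)

# Constructed sample documents (bucket name and account ID are placeholders).
OBJECTS = "arn:aws:s3:::example-app-uploads/*"
PUBLIC_BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": OBJECTS}]}
PRIVATE_BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AppReader", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:user/app-reader"},
     "Action": ["s3:GetObject"], "Resource": OBJECTS}]}
READ_ONLY_TOKEN_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": OBJECTS}]}
FULL_ACCESS_TOKEN_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": OBJECTS}]}
```

Because the thread notes that public read is set again whenever the S3 credentials are updated, a check like this belongs after every credential change, not only at initial setup.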

Aaron Saunders

Dec 31, 2011, 12:30:19 PM
to StackMob
Is there some sample code or a tutorial that can walk someone through
how to accomplish this? I am sorry because I am still not following.

Thanks

On Dec 16, 4:52 pm, "Miles O'Connell" <mi...@stackmob.com> wrote:
> Carmen,
>
> We do plan to allow you to access external APIs in the future through
> custom code. This would allow you to access the AWS Security Token Service
> as in the example you shared, and therefore would allow you to mimic that
> example closely using our custom code.
>
> Currently, you can secure your files to a lesser degree by disallowing
> public-read on your s3 bucket, and using an s3 token with read privileges
> to access the content directly from the phone once you've used StackMob to
> determine the location of your resource. In this way, the app can determine
> programmatically which resources a user can access. By using a separate,
> read-only s3 token/secret, you prevent others from deleting or overwriting
> your resources, even in the unlikely event that they get access to your
> token/secret.
>
> Hope that helps!
>
> On Fri, Dec 16, 2011 at 4:48 AM, Carmen Delessio
> <carmendeles...@gmail.com> wrote:
>
> > I would like secure files stored on S3.
> > A logged in user would see only their files.
>
> > Thanks - the original thread was a question on the security of S3 blobs in
> > database.
> > See:
> > https://groups.google.com/forum/#!msg/stackmob/9BNJGTsj8L4/0NDba__CdVQJ
> > Carmen