Using Amazon S3 and protecting images/hotlinking


Dave Sinclair

Aug 15, 2012, 3:51:22 AM
to hppga...@googlegroups.com
I've just started using Amazon S3 and I'm interested to hear other people's security measures with hppg.

To prevent hotlinking and stealing of images I've created an s3 bucket policy that only allows people to view images when they have been referred from my domain/ip address.

At the moment hppg makes all images it uploads completely public, which means the bucket policy is ignored and anyone can still get access. Once I've modified hppg to upload photos to s3 with public access, however, this security measure should work just fine. 

If anyone has any further suggestions of safely using s3 I would be very happy to hear them!

Here is a guide to setting up a bucket policy. 

Next step: allow watermarked images to show up in Google image search whilst restricting full access...
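
The interaction described in the post above, between a referer-restricted bucket policy and objects uploaded with a public ACL, as an added example that is not part of the original post or of hppg. The bucket name and domain are constructed placeholders, and the evaluator is a simplified model that looks only at the `aws:Referer` condition (not the IP address check the post also mentions).

```python
import fnmatch
import json

# Constructed placeholders: bucket name and site domain are assumptions.
BUCKET = "example-gallery-bucket"
SITE_PATTERNS = ["http://www.example.com/*", "http://example.com/*"]
RESOURCE = f"arn:aws:s3:::{BUCKET}/*"

# Allow-only policy: grants access to referred requests, denies nothing.
ALLOW_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": RESOURCE,
    "Condition": {"StringLike": {"aws:Referer": SITE_PATTERNS}}}]}

# Same Allow plus an explicit Deny for every other (or missing) referer.
DENY_OTHERS = {"Version": "2012-10-17", "Statement": ALLOW_ONLY["Statement"] + [{
    "Effect": "Deny", "Principal": "*", "Action": "s3:GetObject",
    "Resource": RESOURCE,
    "Condition": {"StringNotLike": {"aws:Referer": SITE_PATTERNS}}}]}


def statement_matches(stmt, referer):
    """Simplified model: evaluates only the aws:Referer condition."""
    for op, keys in stmt["Condition"].items():
        like = any(fnmatch.fnmatchcase(referer or "", p)
                   for p in keys["aws:Referer"])
        # StringLike needs a match; StringNotLike needs no match
        # (a missing Referer header therefore satisfies StringNotLike).
        if (op == "StringLike") != like:
            return False
    return True


def anonymous_get_allowed(policy, referer, object_acl_public):
    """Explicit Deny wins; otherwise any Allow (policy or object ACL) grants."""
    matched = [s["Effect"] for s in policy["Statement"]
               if statement_matches(s, referer)]
    if "Deny" in matched:
        return False
    return "Allow" in matched or object_acl_public


if __name__ == "__main__":
    # Print the policy document with the explicit Deny statement.
    print(json.dumps(DENY_OTHERS, indent=2))
```

The Referer header is supplied by the client, so either policy deters casual hotlinking rather than authenticating the requester.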

Dave Sinclair

Aug 16, 2012, 7:02:59 AM
to hppga...@googlegroups.com
Another note, Amazon S3 will not work with hppg shop functionality.

This is because when a user downloads a purchase on hppg the original full size image is converted to the relevant resolution on the fly. For the conversion hppg looks on the local drive for the original image, not on S3.

I can't think of a good fix for this problem. Copying the image from s3 to the local drive just to resize it for download will slow the purchase down too much. 

It may be possible to mount the s3 bucket as a drive on the vps, but again this would probably be a lot slower and brings too much complication.

For now I'm going to abandon s3 and just pay the higher price for extra storage on my vps.

If anyone has any other ideas or some space for me on their dedicated server let me know :)