Vulnerability when public link in aws s3 or get pre-signed url

Question

0.00/5 (No votes)

See more:

Hi all,
i have a simple blog , i store images in aws s3 and public link. I want to know is it vulnerable when doing it ?
or i should get pre-signed url from node server and display ?

Thanks.

What I have tried:

public link in aws s3 and use it or get pre-signed url

Posted 5-Jan-17 10:46am

baotdinh

Updated 6-Jan-17 7:54am

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

David_Wimbley · Answer 1 · 2017-01-06T07:54:00

By making you files public, you are allowing anyone/anything to have access to those files. If those files should only be access by authenticated users then you need to use pre-signed URLs and make your files private.

If the files you are storing can be view by authenticated and unauthenticated users, then making your files public in S3 is fine.

If you need a mixture of both, in my personal opinion its just easier to handle all your files in one method, and so I would change the files to private and use pre-signed URLs.

But you need to evaluate what your project is doing, what kind of files your are storing in terms of who should have access to them and implement your functionality accordingly.