aws s3中的公共链接或获取预签名URL时的漏洞 [英] Vulnerability when public link in aws s3 or get pre-signed url

问题描述

大家好，

我有一个简单的博客，我将图像存储在aws s3和公共链接中。我想知道这样做是否容易受到攻击？

或者我应该从节点服务器获取预先签名的URL并显示？



谢谢。



我的尝试：



aws s3中的公共链接并使用它或获得预先签名的URL

Hi all,
i have a simple blog , i store images in aws s3 and public link. I want to know is it vulnerable when doing it ?
or i should get pre-signed url from node server and display ?

Thanks.

What I have tried:

public link in aws s3 and use it or get pre-signed url

推荐答案

通过公开您的文件，您允许任何人/任何人访问这些文件。如果这些文件只能由经过身份验证的用户访问，那么您需要使用预先签名的URL并将文件设为私有。



如果您要存储的文件可以查看通过身份验证和未经身份验证的用户，然后在S3中公开您的文件就可以了。



如果你需要两者兼而有之，我个人认为它更容易用一种方法处理你的所有文件，所以我会把文件更改为私有和使用预先签名的URL。



但是你需要评估你的项目在做什么，你应该访问哪些文件以及谁应该访问它们相应地实现您的功能。

By making you files public, you are allowing anyone/anything to have access to those files. If those files should only be access by authenticated users then you need to use pre-signed URLs and make your files private.

If the files you are storing can be view by authenticated and unauthenticated users, then making your files public in S3 is fine.

If you need a mixture of both, in my personal opinion its just easier to handle all your files in one method, and so I would change the files to private and use pre-signed URLs.

But you need to evaluate what your project is doing, what kind of files your are storing in terms of who should have access to them and implement your functionality accordingly.

这篇关于aws s3中的公共链接或获取预签名URL时的漏洞的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！