适当的s3权限,允许用户使用carrierwave上传图像文件 [英] Proper s3 permissions for users uploading image files with carrierwave
问题描述
在Michael Hartl撰写的Rails教程的第11章结束时,我成功创建了存储区,使用IAM设置用户并向用户授予AmazonS3FullAccess策略,从而成功地使用户能够上载到Amazon S3服务.允许我网站上的未知用户完全访问存储桶以在我的网站上上传图片感觉很脏而且很不安全,我不确定是否应该这样.我在
At the end of Chapter 11 of The Rails Tutorial by Michael Hartl I successfully managed to enable user uploads to Amazons S3 service by creating a bucket, using IAM to set a user and granting the user an AmazonS3FullAccess policy. It feels dirty and very insecure to allow an unknown user on my website to have full access to a bucket for image upload on my website and I'm not sure if I should feel this way. I created a custom policy at
以下是什么:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1445501067518",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::bucketname"
}
]
}
我对我的解决方案没有信心,无法找到任何找到最佳解决方案的答案.我正在使用载波(打算在自己的项目中使用carrierwave_direct),雾气和mini_magick宝石.
I am not confident in my solution and could not find any answers googling for the best way to go about this. I am using carrierwave (with intentions of using carrierwave_direct for my own project), fog, and mini_magick gems.
推荐答案
允许用户将文件上传到您的网站(即S3)的最佳方法,也许是最安全的方法是使用基于浏览器的帖子上传.
The best and probably the most secure way of allowing users to upload files to your site (ie. S3) is to use Browser-Based Post Uploads.
这使用户可以直接上载到S3,而无需浏览您的服务器.在服务器上,您只需使用访问密钥创建请求签名即可.
This lets users upload directly to S3 without having to go through your servers. On your servers you simply create a request signature using your access keys.
您可以在此处了解更多信息: 使用Post的基于浏览器的上传
You can read more about it here: Browser Based Uploads Using Post
我本人并不熟悉载波,但是您可能会发现这很有用: 直接在rails中上传到S3
I'm not familiar with carrierwave myself but you may find this useful: Uploading directly to S3 in rails
这篇关于适当的s3权限,允许用户使用carrierwave上传图像文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!