HTTPS VS带的Cloudfront签署网址 [英] https vs signed url with Cloudfront

问题描述

我知道这是一个苹果和桔子的问题，但我想了解使用https的利弊，并与AWS的Cloudfront签署的网址。也许人们请发表评论，并加入到这个名单？

HTTPS

赞成的

1. 安全：HTTPS比HTTP更安全。虽然，我不知道这是什么意思B / C，如果你不能信任该URL实际上是从亚马逊，你能相信谁？
2. preserve应用程序的现状是：你的网站已经完全HTTPS的另一个原因是，像你这样的处理信用卡。使用HTTPS的CloudFront的prevents提醒您提供不安全的内容，即用户，可怕的黄色指示标志。难道这又是一个的 CON 的，如果你的网站是完全的HTTP（诚信问题）？
3. 在难度系数：0/10。只要改变HTTP到HTTPS在您的网址，它的作品无论哪种方式，开箱即用。在另一方面，如果你想使用自己的CNAME以https，这显著较为混乱，7/10因的 CON 的＃1以下... <看来，虽然我还没有尝试过/ LI>

缺点的

1. 费用：$ 600 /月的 !! 以使用https与自己的CNAME，如 images.mysite.com 而不是 blah123.cloudfront.com 。在另一方面，我的理解是，使用的CNAME与HTTP是免费的吗？

签署网址

赞成的

1. 真正的安全：签署网址似乎通常最需要的方法来控制谁可以访问您的网站内容。你可以控制的事情，如用户IP地址，谁有权访问的持续时间。

2. 费用：无

缺点的

1. 在难度系数：9/10。创建签名的网址是比较混乱的。有很多术语的学习，可能还有一些图书馆AWS SDK的一部分，不是你需要跟踪。

解决方案

HTTPS有助于保护传输中的数据，这是有益的，如果你已经在使用SSL访问您的应用程序。随着CNAME的问题，大多数人可能不会意识到你的图像和其它静态内容正在从cloudfront.net而不是yourdomain.com交付

签名网址不仅有助于控制谁可以访问给定文件和多久，他们可以访问它。你可以使用这个交付数字购买，或登录用户其他私人文件。您也宽松一些的CloudFront的的缓存的好处。

I know this is an apples and oranges question but I'd like to understand the pros and cons of using https and signed urls with AWS Cloudfront. Might people please comment on and add to this list?

HTTPS

PROS

1. Security: https is more secure than http. Though, I'm not sure what this mean b/c if you can't trust that the URL is actually from Amazon, who can you trust?
2. Preserve your application's status quo: Your site is already fully https for another reason, like you handle credit cards. Using https for cloudfront prevents alerting the user that you are serving insecure content, i.e., the dreaded "yellow" indicator symbol. Could this also be a con if you're site is fully http (honest question)?
3. Degree of difficulty: 0/10. Just change http to https in your url, it works either way out of the box. On the other hand, if you want to use your own CNAME with https, this seems significantly more confusing, 7/10, though I haven't tried it due to con #1 below...

CONS

1. Cost: $600/month !! to use https with own CNAME, e.g., images.mysite.com instead of blah123.cloudfront.com. On the other hand, my understanding is that using CNAMEs with http is free?

SIGNED URLS

PROS

1. REAL security: signed urls would seem the most commonly needed method to control who has access to your site's content. You can control things like the user IP address and the time duration of who has access.

2. Cost: none

CONS

1. Degree of difficulty: 9/10. Creating signed urls is relatively confusing. There's lots of terminology to learn and possibly some libraries not part of the AWS SDK you'll need to track down.

解决方案

HTTPS helps secure data in transit, which is helpful if you are already using SSL for access to your application. With the CNAME issue, most people are likely not going to realize that your images and other static content are being delivered from cloudfront.net instead of yourdomain.com

Signing URLs only helps control who can access a given file and how long they can access it for. You may use this for delivery digital purchases, or other private files to logged in users. You also loose some of the caching benefit of cloudfront.

这篇关于HTTPS VS带的Cloudfront签署网址的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！