I am planning to redirect users to presigned URLs of sensitive resources stored in S3. These get generated after checking the user's rights and have aggressive timeouts (30 secs). My worry, however, is whether it would be possible for some malware that is present on my client's machine to capture the URL and still download the file within the expiry time of the URL. Or am I just being too paranoid?
If this has been answered before, please point me in that direction. Appreciate your help.
Anyone who obtains the URL before expiry can use it to access the data. S3 supports bucket policies that limit the IP addresses that are allowed access to data:
http://docs.aws.amazon.com/AmazonS3/latest/dev/AccessPolicyLanguage_UseCases_s3_a.html
However, in this case you are worried about malware on the client machine, so that wouldn't help. Have you considered encrypting the data such that only the client process can decrypt it?
You're still vulnerable to an insecure/careless client leaking the data somehow.