I want to make calls to the Amazon S3 rest API through an iPhone app. It means that I will have to write in my iPhone app the secretAccessKey and the accessKey of the Amazon S3 service.
If my app goes on the appstore, is it going to be dangerous for me? Maybe some people will extract my secretKey and my key to use it for other purposes? Is there a way to protect my app from this kind of attacks?
Thanks!
Martin
If possible you shouldn't store your keys in your app.
You can see a lengthy discussion of the topic here: Architectural and design question about uploading photos from iPhone app and S3 (check out Adrian Petrescu's answer).
There are a couple of options here. First, upload your data to a central server and then onto S3. Your keys stay private on your server. Or you can look at presigning your URLs.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With