Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How secure is it to call Amazon S3 Services from an iPhone?

I want to make calls to the Amazon S3 rest API through an iPhone app. It means that I will have to write in my iPhone app the secretAccessKey and the accessKey of the Amazon S3 service.

If my app goes on the appstore, is it going to be dangerous for me? Maybe some people will extract my secretKey and my key to use it for other purposes? Is there a way to protect my app from this kind of attacks?

Thanks!

Martin

like image 980
MartinMoizard Avatar asked Jan 12 '11 18:01

MartinMoizard


1 Answers

If possible you shouldn't store your keys in your app.

You can see a lengthy discussion of the topic here: Architectural and design question about uploading photos from iPhone app and S3 (check out Adrian Petrescu's answer).

There are a couple of options here. First, upload your data to a central server and then onto S3. Your keys stay private on your server. Or you can look at presigning your URLs.

like image 150
Larry Hipp Avatar answered Sep 20 '22 00:09

Larry Hipp