Menu
I have some files stored at amazon. all in private mode, and since I need provide users a way to download these files, each time an user needs to download a file I just create a authenticated url according to Authenticating REST Requests and the user can download the file for a gap of 5 minutes.
BUT once the url is generated I can see in the url my amazon key, is this something I should worry about? (I mean I know you need to have the secret key also to access to any object) but still this being secure?
906
The key is fine to publicly distribute, the secret is not.
So the answer is yes!
Edit: The public key along with the secret is used to generate the nonce / signature. You need both to generate valid (secured) requests for amazon. The secret is private however.
132
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
