Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Securely serving files from Amazon S3

Tags:

php

amazon-s3

I have an app that uploads user files to S3. At the moment, the ACL for the folders and files is set to private.

I have created a db table (called docs) that stores the following info:

id
user_id
file_name (original file as specified by the user)
hash_name (random hash used to save the file on amazon)

So, when a user wants to download a file, I first check in the db table that they have access to file. I'd prefer to not have the file first downloaded to my server and then sent to the user - I'd like them to be able to grab the file directly from Amazon.

Is it OK to rely on a very very long hashname (making it basically impossible for anyone to randomly guess a filename)? In this case, I can set the ACL for each file to public-read.

Or, are there other options that I can use to serve the files whilst keeping them private?

like image 397
JonoB Avatar asked Aug 14 '12 16:08

JonoB


1 Answers

Remember, once the link is out there, nothing prevents a user from sharing that link with others. Then again, nothing prevents the user from saving the file elsewhere and sharing a link to the copy of the file.

The best approach depends on your specific needs.

Option 1 - Time Limited Download URL

If applicable to your scenario, you can also create expiring (time-limited) custom links to the S3 contents. That would allow the user to download content for a limited amount of time, after which they would have to obtain a new link.

http://docs.amazonwebservices.com/AmazonS3/latest/dev/S3_QSAuth.html

Option 2 - Obfuscated URL

If you value avoiding running the file through your web server over the risk that a URL, however obscure, might be intentionally shared, then use the hard-to-guess link name. This would allow a link to remain valid "forever", which means the link can be shared "forever".

Option 3 - Download through your server

If you are concerned about the link being shared and certainly want users to authenticate through your website, then serve the content through your website after verifying user credentials.

This option also allows the link to remain valid "forever" but require the user to log in (or perhaps just have an authentication cookie in the browser) to access the link.

like image 103
Eric J. Avatar answered Oct 09 '22 23:10

Eric J.