安全地从Amazon S3提供文件

I have an app that uploads user files to S3. At the moment, the ACL for the folders and files is set to private.

I have created a db table (called docs) that stores the following info:

id
user_id
file_name (original file as specified by the user)
hash_name (random hash used to save the file on amazon)

So, when a user wants to download a file, I first check in the db table that they have access to file. I'd prefer to not have the file first downloaded to my server and then sent to the user - I'd like them to be able to grab the file directly from Amazon.

Is it OK to rely on a very very long hashname (making it basically impossible for anyone to randomly guess a filename)? In this case, I can set the ACL for each file to public-read.

Or, are there other options that I can use to serve the files whilst keeping them private?

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

2条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dougong9987 2012-08-14 16:27
关注
Remember, once the link is out there, nothing prevents a user from sharing that link with others. Then again, nothing prevents the user from saving the file elsewhere and sharing a link to the copy of the file.

The best approach depends on your specific needs.

Option 1 - Time Limited Download URL

If applicable to your scenario, you can also create expiring (time-limited) custom links to the S3 contents. That would allow the user to download content for a limited amount of time, after which they would have to obtain a new link.

http://docs.amazonwebservices.com/AmazonS3/latest/dev/S3_QSAuth.html

Option 2 - Obfuscated URL

If you value avoiding running the file through your web server over the risk that a URL, however obscure, might be intentionally shared, then use the hard-to-guess link name. This would allow a link to remain valid "forever", which means the link can be shared "forever".

Option 3 - Download through your server

If you are concerned about the link being shared and certainly want users to authenticate through your website, then serve the content through your website after verifying user credentials.

This option also allows the link to remain valid "forever" but require the user to log in (or perhaps just have an authentication cookie in the browser) to access the link.

本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(1条)

报告相同问题？

关注问题

安全地从Amazon S3提供文件 php
2012-08-14 16:21

回答 2 已采纳 Remember, once the link is out there, nothing prevents a user from sharing that link with others.
使用php将文件从Amazon S3存储桶中的一个文件夹复制到另一个文件夹 php
2013-09-24 13:26

回答 1 已采纳 You should check out S3 tools: http://s3tools.org/s3cmd. You can install it on your server, then
通过亚马逊s3 php类强制下载文件 php
2014-08-28 14:02

回答 1 已采纳 I believe you could use the second option, passing the output buffer as the filename argument for
php aws s3 下载文件,php – 从amazon s3 buckets子文件夹中获取文件
2021-04-22 01:07

抹奶茶的博客我试图从亚马逊S3桶子文件夹中获取所有文件,并使其可以在网页中下载.我有一个叫做图像的桶.在那个桶里面我有一些其他的文件夹.现在我试图获取该子文件夹中的所有文件并在页面中显示它.S3铲斗：/图片/图像/ TEST1 //...
亚马逊s3，上传文件夹中的文件 php
2015-01-03 15:01

回答 1 已采纳 The name of the sub folder should be added to the beginning of the filename and not to the end of
如何使用php和Amazon S3 sdk下载文件？ php
2011-09-12 14:22

回答 5 已采纳 Got it to work by echo'ing out the content-type header before echo'ing the $object body. $objInfo
如何从AWS S3将文件流式传输到Zip中 php
2016-11-21 07:18

回答 1 已采纳 You are currently dumping the raw contents of the directory/file.jpg as the zip (which a jpg is no
log-flume:将媒体从WordPress同步到Amazon S3
2021-05-16 23:21

它也可以用于备份网站，甚至在服务器之间移动网站Log Flume如何与S3对话安装程序将要求您将以下常量添加到wp-config.php文件中： LOG_FLUME_REGION LOG_FLUME_ACCESS_KEY_ID LOG_FLUME_SECRET_ACCESS_KEY 您可以...
来自$ _POST和Amazon S3的文件 php
2012-01-10 20:16

回答 2 已采纳 Per the docs, fileUpload expects a URL or path, or an fopen resource. fileUpload - string|reso
使用PHP将文件上传到Amazon S3最终会得到一个28字节的文件 php
2013-12-06 22:45

回答 1 已采纳 You must call to putObject with an array, if you want use a file you must call too "putObjectFile"
从EC2上传文件到S3突然停止工作 php
2013-05-26 05:34

回答 1 已采纳 After going through the whole S3 PHP library and trace it down I found the solution "Your compute
fileupload-amazon-s3:将文件上传到亚马逊 s3 的示例
2021-06-30 00:17

文件上传示例 amazon-s3 使用 Amazon S3 sdk 将文件上传到 amazon s3 的示例 AWS-SDK 要安装所有组件，请打开终端并导航到您将项目克隆到的目录。然后运行以下命令： npm install 配置如果要启用 Amazon S3 ...
如何将缩略图文件上传到亚马逊s3存储桶？ php
2016-05-24 09:31

回答 2 已采纳 try this : this is working for me <?php // Bucket Name if(isset($_FILES['image']['name'])) {
使用php和Amazon S3 sdk上传及下载文件
2020-07-07 18:35

lemon敏er的博客使用php和Amazon S3 sdk上传及下载文件，下载Excel文件时总是报文件损坏的错误，解决方案如下上传 require 'vendor/autoload.php'; use Aws\S3\S3Client; use Aws\S3\Exception\S3Exception; $bucket = '*** Your...
php aws s3 下载文件,关于Amazon S3：使用AWS开发工具包Go的完整URI从S3下载文件
2021-04-22 01:07

姒慧的博客我看到的示例使用AWS Go for SDK从S3下载文件的形式如下：downloader := s3manager.NewDownloader(session, /* other args */)s3object := &s3.GetObjectInput{Bucket: aws.String(myBucket),Key: aws.String...
没有解决我的问题, 去提问

悬赏问题

¥30 vmware exsi重置后的密码
¥15 易盾点选的cb参数怎么解啊
¥15 MATLAB运行显示错误，如何解决？
¥15 c++头文件不能识别CDialog
¥15 Excel发现不可读取的内容
¥15 关于#stm32#的问题：CANOpen的PDO同步传输问题
¥20 yolov5自定义Prune报错，如何解决？
¥15 电磁场的matlab仿真
¥15 mars2d在vue3中的引入问题
¥50 h5唤醒支付宝并跳转至向小荷包转账界面

安全地从Amazon S3提供文件

2条回答 默认 最新

悬赏问题

2条回答默认最新