Skip to content

re: AWS Keys exposed on URL from photos on my heroku site VIEW POST

re: I'm not an expert but I think what you are seeing are signed links: Basically that signature is derived from...

I think it is what I see. But if I'm not mistaken, I don't think the keys & signature should be exposed in the URL.

I'll take a look at the link.

Thanks, Corey!


Here's another link about signed links as query params, which I believe is what you have!

In general I think only your AWS Secret Key is private and can't be shared. Since the signature here is a single use token derived from it, it's ok!

Whew. I'm relieved. But I'll still look into hiding those on the URL if they're possible. Thanks again, Corey!

code of conduct - report abuse