Is it safe to share pre-signed URLs? Because I have noticed that the AccessKey and Token are present in the URL, can this be considered a vulnerability?
What I want is to display images on my site; those images are located in S3 and they're encrypted. Right now, what I do is download the image in the backend using the S3 GetObject API, but I don't like it since the front-end should download them. So I pre-signed them and send them this way, and then I realized they contain ApiAccess and ApiToken.
I don't think this is ok, haha. What should I do? How can I use CloudFront to "hide" the S3 path?
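As an added example that is not part of this thread, here is what a pre-signed GET URL actually carries, built with AWS Signature Version 4 in standard-library Python on constructed credentials and timestamps (the bucket, key, region and credential values are assumptions): the query string holds the access key ID, an expiry and a signature over one method, one object path and one host, while the secret key never leaves the backend.

```python
import hashlib
import hmac
import urllib.parse
from datetime import datetime, timedelta, timezone

# Constructed credentials and timestamps for illustration only (not real values).
ACCESS_KEY_ID = "AKIAEXAMPLEKEYID0000"
SECRET_KEY = "example-secret-that-must-never-leave-the-backend"
SIGNED_AT = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
TEN_MIN_LATER = SIGNED_AT + timedelta(minutes=10)

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def presign_get(bucket, key, region, expires, now, access_key_id=ACCESS_KEY_ID, secret_key=SECRET_KEY):
    """Build a SigV4 pre-signed GET URL for s3://bucket/key using only the stdlib."""
    host = f"{bucket}.s3.{region}.amazonaws.com"
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    scope = f"{amz_date[:8]}/{region}/s3/aws4_request"
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key_id}/{scope}",  # key ID only; the secret is never sent
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    uri = "/" + urllib.parse.quote(key, safe="/")
    qs = "&".join(f"{k}={urllib.parse.quote(v, safe='')}" for k, v in sorted(params.items()))
    # The signature covers method, object path, query and host, so the URL grants
    # exactly one GET of one object inside one time window and nothing else.
    canonical = "\n".join(["GET", uri, qs, f"host:{host}", "", "host", "UNSIGNED-PAYLOAD"])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    k = _hmac(("AWS4" + secret_key).encode(), amz_date[:8])
    for part in (region, "s3", "aws4_request"):
        k = _hmac(k, part)
    sig = hmac.new(k, to_sign.encode(), hashlib.sha256).hexdigest()
    return f"https://{host}{uri}?{qs}&X-Amz-Signature={sig}"

def url_state(url, now):
    """Report what a pre-signed URL exposes and whether it is still valid at `now`."""
    parts = urllib.parse.urlsplit(url)
    q = dict(urllib.parse.parse_qsl(parts.query))
    signed_at = datetime.strptime(q["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    valid_until = signed_at + timedelta(seconds=int(q["X-Amz-Expires"]))
    return {"access_key_id": q["X-Amz-Credential"].split("/")[0], "object": parts.path,
            "valid_until": valid_until, "expired": now >= valid_until}
```

Anyone holding the URL can fetch that one object until `X-Amz-Expires` elapses, so the expiry, not the key ID, is what limits exposure if the link is shared.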
If your front-end is using resources from S3, then I would suggest you add S3 bucket permissions to restrict the access outside your domain.
You can then directly expose that S3 bucket containing images on the front-end via CloudFront. I do not see any use-case of using a pre-signed URL here as your images might be restricted to your own domain and optionally authenticated users.
Hope it answers your queries.
P.S. Check this post for using CloudFront in front of S3
Hey, it is safe in the sense that you decide the users who will get access to the resource, but do evaluate the following points:
Hope it solves your queries.
Thanks,