DEV Community

Discussion on: AWS open sources new and updates - No. 21

rosswilliams

The AppSync poll solution you posted allows anyone to upload anything to your S3 bucket, and allows anyone to download it. Someone could use it to store and share a large amount of files, or any illegal content. It's not protected: all it takes to upload and download a file is to follow the same process as the static website, use the identity id to get session tokens, then use the CLI, SDK, or aws4fetch to put and get petabytes of content. See /public/very_big_file.txt in the bucket for example. It's literally a single step through Cognito to treating it as an open bucket.
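
The issue described above is an unauthenticated Cognito identity-pool role whose IAM policy grants object get/put on a bucket prefix that is shared by every caller. Below is an added example (not code from the post, from either commenter, or from AWS) of a small static audit that flags such statements and shows the scoped form a defender would want instead, where each identity can only reach a prefix containing its own identity id. The bucket name, statement Sids and both policy documents are constructed for the example.

```python
"""Audit a Cognito unauthenticated-role IAM policy for unscoped S3 object access."""
import fnmatch

# Policy variable that pins a resource path to the calling identity; a
# statement whose Resource contains it cannot be used to share one prefix.
IDENTITY_VAR = "${cognito-identity.amazonaws.com:sub}"


def _as_list(value):
    """IAM lets Action/Resource/Statement be a string or a list; normalise."""
    return value if isinstance(value, list) else [value]


def _grants(actions, wanted):
    """True if any granted action pattern (e.g. 's3:Put*', 's3:*', '*') covers `wanted`."""
    return any(fnmatch.fnmatchcase(wanted.lower(), a.lower()) for a in actions)


def audit_unauth_policy(policy: dict) -> list:
    """Return one finding per Allow statement that lets an unauthenticated
    caller upload or download objects at a resource not scoped to its own
    identity. An empty list means no shared read/write prefix was found."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        can_put = _grants(actions, "s3:PutObject")
        can_get = _grants(actions, "s3:GetObject")
        if not (can_put or can_get):
            continue
        for res in _as_list(stmt.get("Resource", [])):
            if IDENTITY_VAR in res:
                continue  # each identity is confined to its own prefix
            verbs = [v for v, ok in (("upload", can_put), ("download", can_get)) if ok]
            findings.append(
                f"{stmt.get('Sid', '<no Sid>')}: anyone can "
                f"{' and '.join(verbs)} at {res}"
            )
    return findings


# Constructed example: the shape of policy the comment describes, where the
# unauthenticated role reads and writes a prefix shared by all callers.
OPEN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicPrefix",
        "Effect": "Allow",
        "Action": ["s3:PutObject", "s3:GetObject"],
        "Resource": "arn:aws:s3:::example-bucket/public/*",
    }],
}

# Constructed example of the scoped form: the same actions, but each identity
# only reaches a prefix derived from its own Cognito identity id.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "OwnPrefix",
        "Effect": "Allow",
        "Action": ["s3:PutObject", "s3:GetObject"],
        "Resource": f"arn:aws:s3:::example-bucket/private/{IDENTITY_VAR}/*",
    }],
}

if __name__ == "__main__":
    for name, pol in (("open", OPEN_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_unauth_policy(pol) or "no shared read/write prefix")
```

Two caveats worth keeping in mind when applying this check. S3 Block Public Access will not catch this configuration, because the requests arrive signed with valid credentials issued to an unauthenticated identity, so the bucket is not "public" in the S3 sense. And scoping resources to the identity prefix stops callers from sharing one prefix, but it does not cap how much each identity can upload; if the application does not need unauthenticated writes at all, the simplest fix is to remove s3:PutObject from the unauthenticated role entirely.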

Ricardo Sueiras

Thanks dev.to/rosswilliams for the heads up. I have shut this down and will update the post.