3

Consider a common scenario where I'm using an Amazon S3 bucket to store the files uploaded by my users and not in my actual server. So, all the files the user uploads, go to the s3 bucket, and doesn't stay on my instance. That means I can allow them to store every type of file.

Does that mean that my server will be protected from possible user uploaded malware since it's not staying in my server anyway?

twodee
  • 129
  • 1
  • 4
  • Are you doing anything with this data? Then you aren't safe. Your users also may not be safe. – Rory Alsop Jan 27 '17 at 23:56
  • No, I'm not utilizing/processing this data in my servers. They remain completely independent of the server, and never processed by the servers. @RoryAlsop – twodee Jan 28 '17 at 05:42
  • 1
    So if everything is on S3 and you have no connection to it, then your server is safe. As said before, though, your users aren't, and that may be more important. – Rory Alsop Jan 28 '17 at 09:56
  • @RoryAlsop If you are then displaying the files in the browser (like images, playing audio, video, pdfs viewed using pdfjs) but not allowing for download - is that secure as well? Do you see a benefit in first scanning for virus before uploading to S3? – geoboy Jun 26 '17 at 21:40

0 Answers0