Highest Voted 'amazon-s3' Questions - IT Security Stack Exchange

10

votes

3 answers

What is the purpose of the expiration time in signed S3 urls?

S3 allows you to authenticate requests for media via a signed URL. This URL can include an expiration time, after which the URL is no longer valid…

amazon-s3

asked Feb 09 '16 at 14:46

John Lucas

203
1
2
5

7

votes

1 answer

What is legally required to store HIPAA data in the "cloud"?

I was looking into storing SQL DB backups of a healthcare system in the cloud in the event of a disaster to be HIPAA compliant. The solution I came up with was to use Cloudberry backups. What I would want to do is export the SQL DB on my local…

cloud-computing hipaa amazon-s3

asked Jul 27 '15 at 03:29

cutrightjm

1,714
4
18
31

7

votes

1 answer

Does Amazon S3 deletion "shred" your object

I believe Amazon states that all deletions of objects are irreversible. But for security reasons, how "shreded" is such deletion? For example, supposing a hack to Amazon S3, could anyone recover your deleted data?

deletion amazon-s3

asked Mar 07 '17 at 22:05

noderman

397
1
4
9

6

votes

3 answers

Is it more secure to encrypt separate customers' data with separate keys?

If I am storing multiple customers' data in cloud-based file storage such as an AWS S3 bucket, and I use an encryption service such as AWS KMS to achieve encryption at rest, does it add any extra security for me to store each customer's data in a…

encryption key-management aws amazon-s3

asked Mar 09 '20 at 19:11

CFL_Jeff

193
5

6

votes

1 answer

Find Security Flaws in My Payment Page

I've done some extensive research about how to secure your website from card fraud. iFrames do a pretty good job of this, however, It can still be worked around from certain exploits. Many payment providers have now moved away from 'Hosted Payment…

penetration-test web-hosting payment-gateway amazon-s3 payment

asked Jul 24 '18 at 20:07

Matt The Ninja

69
3

6

votes

3 answers

Is it OK to pass credentials to the client to allow it to upload files to Amazon S3?

Our mobile app will be uploading images to AWS S3. The question is whether to do one of the following options: Upload the image to our APIs server, then our APIs server uploads the image to S3 Pros: More secure, as the S3 credentials is only stored…

credentials aws cloud-storage amazon-s3

asked Mar 06 '17 at 09:42

Samir Sabri

163
5

5

votes

3 answers

How to make S3 Presigned url single use only?

Issue: I have a presigned url which is valid for 15 minutes. Upload can be initiated any number of times if the presigned url is captured in this time frame. I want to make an S3 presigned url for upload as secure as possible, so that uploaded file…

amazon amazon-s3 aws-lambda

asked Mar 25 '20 at 11:04

Sneha Rathod Solanki

51
1
3

5

votes

1 answer

Preventing millions of requests to Amazon s3 bucket

I developed an open source library and hosted its assets on Amazon S3 (CSS, JS), these files were used in demo via URLs like: http://my_bucket_name.s3.amazonaws.com/some-file.js (my bad, I know). Without my permission some websites started…

amazon-s3

asked Oct 03 '16 at 06:28

Marvin3

151
4

5

votes

1 answer

Security of setting access to S3 bucket only from a particular website

I read about setting access to S3 bucket only from a particular website in Amazon Docs. And I quote : Suppose you have a website with domain name (www.example.com or example.com) with links to photos and videos stored in your S3 bucket, …

web-service aws amazon-s3

asked Sep 02 '16 at 09:16

Amit Tomar

153
1
7

4

votes

1 answer

Is it insecure to expose private bucket names through signed URL?

AWS provides signed url to objects in bucket.On backend we can connect with AWS and create such signed urls and send to front-endJust discussing this one use case where we use that signed url to make a put request through javascript, thereby…

audit aws amazon-s3

asked Mar 11 '20 at 13:28

Akshay Vijay Jain

143
6

4

votes

3 answers

AWS S3 and 2-factor (multifactor)

I have a client looking to use AWS S3 buckets for file transfer to other clients. That data may have some sort of protected data in it. I'd like to set up S3 to use 2-factor or MFA for the login/connection. I've looked at a bunch of AWS docs,…

multi-factor aws amazon-s3

asked Dec 09 '16 at 20:08

MikeP

1,159
7
12

3

votes

0 answers

Storing user's private files on S3 and securing access using signed URLs - good idea?

I will be storing private user's files on S3. The files will be PDFs, possibly containing private financial information. I'm considering letting users directly access the files on S3, without proxying all the traffic through my app server. How…

access-control file-access google-apps amazon-s3

asked Jun 22 '19 at 14:38

ssobczak

131
1

3

votes

3 answers

AWS S3 resource access control through IAM permissions or bucket policies?

The way we create buckets in our org and ensure sane ACLs around it is by providing an automated tool (that internally uses Terraform) to provision an S3 bucket. So say when a user requests for a new bucket, named testBucket we create a bucket named…

access-control aws identity-management amazon-s3

asked Jun 12 '19 at 01:33

qre0ct

1,492
3
19
30

3

votes

0 answers

Does storing user files in S3 ensure that my server is secure from user uploaded malware?

Consider a common scenario where I'm using an Amazon S3 bucket to store the files uploaded by my users and not in my actual server. So, all the files the user uploads, go to the s3 bucket, and doesn't stay on my instance. That means I can allow them…

malware amazon-s3

asked Jan 27 '17 at 17:31

twodee

129
1
4

2

votes

1 answer

How to handle AWS credentials

Our web application features a lot of media upload. We are making use of AWS S3 buckets for media storage. As per the current implementation, whenever a new file upload API is called, we send the AWS credentials to the front end and front end will…

aws credentials amazon-s3

asked Oct 29 '20 at 06:33

Anonymous Platypus

1,392
3
18
33

Questions tagged [amazon-s3]