Questions tagged [amazon-s3]

For questions about securing data stored in Amazon S3 (Amazon Simple Storage Service), vulnerabilities associated with it, mitigating the risks, etc.

49 questions
1
vote
1 answer

Getting file from Amazon s3 encrypted based on user

I am storing my files on Amazon S3. My problem is that whenever a user asks for a file I want to generate an encryption key (user specific key) and encrypt the file and send it to him. So basically I want to direct S3 server that I want this file…
dnit13
  • 133
  • 1
  • 5
1
vote
0 answers

Domain authenticated video links, prevent video link sharing

I'm running WordPress and I have the s2member pro plugin. I have videos that I'd like anybody to watch on my website and only on my website. I realize that they could record or capture the screen; it doesn't matter to me, I just want to prevent…
vAnDaLs
  • 11
  • 1
0
votes
1 answer

How hard to hack are S3 Last-Modified timestamps?

Context: There are many reasons for wanting a very trustworthy timestamp on a document, as discussed in many other questions here such as this one I wrote in 2010. E.g., in an election auditing context, one thing we're interested in is a cheap,…
nealmcb
  • 20,544
  • 6
  • 69
  • 116
0
votes
0 answers

Risks of web crawlers on public buckets

So I have some data that isn't overly sensitive, but I'm still on the fence on whether or not we should invest the additional time into managing it as a private resource, vs just publicly available. The data (images & pdfs) are to be hosted on aws'…
Francky_V
  • 103
  • 3
0
votes
1 answer

Amazon AWS S3 Unrestricted File Upload

While I was pentesting a web application, I found out that files that are uploaded to the web application are stored in an AWS S3 instance. Based on my experience, when a web application needs to store all types of files, including files with…
Emanuel Beni
  • 133
  • 8
0
votes
0 answers

Server Upload to presigned URL

I am writing a ReST service which enables a user to get a tar archive of a set of requested documents. When the request succeeds, the service should upload the file to a pre-signed URL that points to an s3 bucket or azure blob storage or a private…
0
votes
2 answers

No SSL between Cloudflare and S3 static site. A big security issue?

So I have an S3 static website. Domain, DNS and proxy are managed via Cloudflare. Cloudflare is set to communicate with browsers using SSL and it in fact enforces SSL for non-SSL requests. However, traffic between CF and S3 is http only, as S3 buckets…
marko-36
  • 101
  • 1
0
votes
0 answers

DigitalOcean Spaces for personal backups

Sorry for the naive question. I wonder how DigitalOcean Spaces (S3 compatible) fits personal backups. I found a lot of information about security of Amazon S3 and its security is undoubted, however, nothing about DigitalOcean. On DigitalOcean…
com
  • 101
0
votes
1 answer

Can't Amazon see my files if I use s3cmd/gpg with a complex password?

Since the early days of s3cmd I have used it in combination with randomly generated filenames (uuidgen loop) and a complex passphrase (pwgen -n1 -c 32 -y). On security.stackexchange.com search there is only 1 result for s3cmd. I use Amazon S3 (Glacier) for…
Sybil
  • 1,435
  • 2
  • 15
  • 29
0
votes
3 answers

Making S3 objects viewable only for logged in users

As a service provider, I allow logged in users to upload documents to a web server, and upload it to S3. The logged in user should subsequently be able to view his own documents, and I want to serve it directly from S3, with some token-based…
0
votes
2 answers

Are public website s3 buckets vulnerable to DDoS attacks?

We are trying to make our web app the most cost effective and secure we can. For that reason we are using Cloudflare instead of CloudFront as a CDN for our frontend resources. We put CloudFront between Cloudflare and S3 to be able to use Full SSL…
0
votes
2 answers

Encrypt backup files and send them to AWS S3

I have a backup routine via crontab on Ubuntu. This routine generates a compressed tar.gz file and sends it to AWS S3. But I want to encrypt these files and be able to decrypt them when necessary on another machine only if I have the private…
Tom
  • 163
  • 4
0
votes
3 answers

Security considerations when naming S3 Buckets

What security considerations should be taken into account when naming an S3 bucket?
0
votes
1 answer

Is it safe to store user-uploaded ID scans in S3 (with server encryption)?

Currently my web app stores user-uploaded ID scans in S3. I am concerned about an eventual data leak. The S3 bucket is encrypted with server-side encryption (AES-256) but I figure the next obvious risk is an attacker gaining access to the AWS…
Maros
  • 113
  • 6
0
votes
0 answers

Is Bucket Upload Policy a good practice for uploading files to AWS S3?

The AWS docs page has the following instructions to upload files to an AWS bucket from the browser: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPOST.html This solution sends to the browser a policy and a signature using the secret key that is…
Vivi
  • 69
  • 4