Are authenticated URLs in s3 safe?

Question

Are authenticated URLs in s3 safe?

I have files stored on amazon. everything is in private mode, and since I need to provide users with a way to download these files, every time a user needs to download a file, I simply create an authenticated URL in accordance with REST request authentication , and the user can download the file in 5 minutes.

BUT, but as soon as the url is generated, I can see my Amazon key in the url, is that what I should worry about? (I mean, I know that you need a secret key to access any object), but is it still safe?

+3

amazon-s3 amazon-web-services

Gabriel sosa Apr 25 '09 at 15:27

source share

1 answer

Evert · Accepted Answer · 2009-04-25T15:53:47+0000

The key is in order to be publicly distributed, the secret is not like that.

So the answer is yes!

Edit: the public key along with the secret is used to generate nonce / signature. You need both to generate valid (protected) requests for amazon. However, the secret is secret.

Are authenticated URLs in s3 safe?

More articles: