All geek questions in one place

Is Azure Shared Access Signature suitable, can anyone access my blobs?

I am writing a backup service to backup an SQL database and save it to the cloud. I already implemented this already with Amazon S3, but since the application will be distributed to customers, I cannot have the API keys stored in the application. I was considering using a web service to provide keys, but this is not my best option at this time (because it still leaves the possibility of key theft.)

So, I looked at Windows Azure, the Blob service, and saw that they have these shared signatures that can be used to provide access to resources in the cloud. You can also use a signature to place drops in the cloud. But, after reading the MSDN documents , I cannot help but think that this is an unsafe system. Anyone who knows 1. the exact names of the containers for my account and 2. how to generate a signature will be able to access the objects. When using this signature you do not need a secret key. At least this is my impression of reading documents.

So finally to my question. Am I evaluating Azure Sharing Signs correctly, if not, why not? And can anyone suggest an alternative way to do what I'm trying to accomplish.

+3
source share
1 answer

Shared signatures can be limited to either a specific container or a specific blob. They can then indicate what permissions they give (read, write, list blob), and they can indicate how much time they are valid.

The only way to create an SAS is to have a storage key, but anyone with an SAS can use it to do what it allows them to.

Sounds like you want to let all your customers write drops, but not read them? If so, the SAS, which sets only write permissions, should do the trick.

, ( ) ? , , , - (-?), SAS , . .

+6

Source: https://habr.com/ru/post/1751572/

More articles:


All Articles