tags:

views:

244

answers:

1
+1  Q: 

are authenticated urls at s3 secure?

I have some files stored at amazon. all in private mode, and since I need provide users a way to download these files, each time an user needs to download a file I just create a authenticated url according to Authenticating REST Requests and the user can download the file for a gap of 5 minutes.

BUT once the url is generated I can see in the url my amazon key, is this something I should worry about? (I mean I know you need to have the secret key also to access to any object) but still this being secure?

+2  A: 

The key is fine to publicly distribute, the secret is not.

So the answer is yes!

Edit: The public key along with the secret is used to generate the nonce. You need both to generate valid (secured) requests for amazon. The secret is private however.

Evert  2009-04-25 15:53:47

related questions

Using Amazon MechanicalTurk if location != US?
Is there a library for iPhone to work with HMAC-SHA-1 encoding
What are the valid instanceState's for the Amazon EC2 API?
Categorising EC2 instances
Amazon Web services - retrieving a wishlist
Source for useful EC2 AMIs
Average EC2 Uptime?
Average Amazon EC2 Instance Price for WEB HOSTING
What are your suggestions for storing AWS authentication data?
How far can you really go with "eventual" consistency and no transactions (aka SimpleDB)?
Using Amazon AWS to create an offline database
Can I set the expires header on all objects in an Amazon S3 bucket all at once?
Book recommendation for running ASP.NET/SQL Server on AWS
Single instance Amazon EC2
What's the best python soap stack for consuming Amazon Web Services WSDL?
Fluffy Cloud Configurations For .NET
SSH into Amazon EC2 Instance
Have you made interesting use of Mechanical Turk?
What do you need to take into consideration when deciding between MySQL and Amazon's SimpleDB for a RoR app?
Experiences and tips for programming with and for Amazon's cloud servers/apps/tools?
Impact of AWS Account Identifiers
Amazon S3 standalone stub server
Parsing XML Elements & Attributes with Perl
Is there a way to have index.html functionallity with content hosted on S3?
Amazon Web Services