I have some files stored at amazon. all in private mode, and since I need provide users a way to download these files, each time an user needs to download a file I just create a authenticated url according to Authenticating REST Requests and the user can download the file for a gap of 5 minutes.
BUT once the url is generated I can see in the url my amazon key, is this something I should worry about? (I mean I know you need to have the secret key also to access to any object) but still this being secure?
-
The key is fine to publicly distribute, the secret is not.
So the answer is yes!
Edit: The public key along with the secret is used to generate the nonce. You need both to generate valid (secured) requests for amazon. The secret is private however.
0 comments:
Post a Comment