我建立一个Web应用程序,并期待到使用Amazon S3存储用户上传的。
I'm building a web application and am looking into using Amazon S3 to store user uploads.
我关心的是,我不希望用户A看到他的下载链接为一个文件,他上传的是urltoMyS3 / doc1234.pdf并尝试urltoMyS3 / doc1235.pdf并获得另一个用户的文档。
My concern is, I dont want user A to see his download link for a document he uploaded is urltoMyS3/doc1234.pdf and try urltoMyS3/doc1235.pdf and get another users document.
我能想到的做到这一点的唯一方法,就是只允许在Web应用程序连接到S3,然后检查用户是否有权访问的Web应用程序的文件,具有Web应用程序下载的文件,然后将其提供给客户机。这种方法的问题是该应用程序将必须先下载文件并将不可避免地减慢下载进程向下的用户。
The only way I can think of to do this, is to only allow the web application to connect to S3, then check if the user has access to a file on the web application, have the web app download the file, and then serve it to the client. The problem with this method is the application would have to download the file first and would inevitably slow the download process down for the user.
如何在用户文件通常与Amazon S3的处理?或者是它根本就不是通常用在一个场景中的文件不应该公开?难道还有其他的服务,为这样的事?
How is user files typically handled with Amazon S3? Or is it simply not typically used in a scenario where the files should not be public? Is there another service for something like this?
感谢
推荐答案
您可以实施的查询字符串认证的,这将解决您的问题。
You can implement Query String Authentication, which will solve your problem.
查询字符串身份验证是非常有用的 对资源的访问,通常会要求进行身份验证。该 签名在查询字符串固定请求。查询字符串 认证请求需要一个到期日期。您可以指定 在几秒钟时代或UNIX时间(数字未来到期时间 自1970年1月1日)。
Query string authentication is useful for giving HTTP or browser access to resources that would normally require authentication. The signature in the query string secures the request. Query string authentication requests require an expiration date. You can specify any future expiration time in epoch or UNIX time (number of seconds since January 1, 1970).
相关推荐
最新文章