security - How to secure S3 download for user sensitve data? -


suppose have web application ebook shopping, users can download books have paid. , ebooks data(like epub data) stored in s3, users got s3 download url when our app validated user bought 1 book.

i know s3 generate temporary , time-limited urls user. problem url temporary , time-limited, happen if chance user temporary url within limited time?

ok 1 way seems letting limited-time short, 10 seconds, potential risks still there.

i know question rigorous, how deal it? or forget it?

if concern buyer distribute url, equally distribute file they've downloaded.

if concern hold of url without buyer's knowledge, perhaps protect download token buyer know (e.g. password of sort). make url unusable other buyer. downside inconvenience people who've paid product.


Comments

Popular posts from this blog

c++ - llvm function pass ReplaceInstWithInst malloc -

Cross-Compiling Linux Kernel for Raspberry Pi - ${CCPREFIX}gcc -v does not work -

java.lang.NoClassDefFoundError When Creating New Android Project -