For questions about securing the data stored in Amazon's S3 storage service or Amazon Simple Storage Service, vulnerabilities associated with it, mitigating the risks, etc...
Questions tagged [amazon-s3]
54 questions
10
votes
3 answers
What is the purpose of the expiration time in signed S3 urls?
S3 allows you to authenticate requests for media via a signed URL. This URL can include an expiration time, after which the URL is no longer valid…
John Lucas
- 203
- 1
- 2
- 5
5
votes
1 answer
Preventing millions of requests to Amazon s3 bucket
I developed an open source library and hosted its assets on Amazon S3 (CSS, JS), these files were used in demo via URLs like: http://my_bucket_name.s3.amazonaws.com/some-file.js (my bad, I know). Without my permission some websites started…
Marvin3
- 151
- 4
1
vote
2 answers
Are public website s3 buckets vulnerable to DDoS attacks?
We are trying to make our web app the most cost effective and secure we can.
For that reason we are using Cloudflare instead of CloudFront as a CDN for our frontend resources.
We put CloudFront between Cloudflare and S3 to be able to use Full SSL…
Matias Haeussler
- 173
- 6
1
vote
1 answer
Is it secure to have public access to the file on S3 with `secret` url?
For example https://s3-eu-west-2.amazonaws.com/mybucket/620f5cb4132cf1b4619503ece569599e
This is a private file, I send to the web-browser through https link to that private file - but this file is publically accessible by this link. Should I add…
Vitaly Zdanevich
- 117
- 7
0
votes
3 answers
Monero being mined on our server
I noticed that recently our website has been performing poorly and often using 100% CPU usage on users machines. After looking into this I have noticed that all of the jquery files on our CDN were edited 6 days ago and are now mining Monero…
Aphire
- 119
- 6