PhpFoxJohnJr
commented
3 years ago Is this still happening?
Open sryn101 opened 4 years ago
PhpFoxJohnJr
commented
3 years ago Is this still happening?
sryn101
commented
3 years ago Yes it is..
PhpFoxJohnJr
commented
3 years ago Sorry for the lack of understanding as I am looking into using s3 and your bug report scares me as my site depends on the privacy of images. Are you using cloudfront? Here is what I found about cloudfront...
Securing Your Content
Often, companies that distribute content over the internet want to restrict access to documents, business data, media streams, or other content so that only selected users, like paying customers, can request it. By using CloudFront, we can set up additional access restrictions like geo-restrictions, signed URLs, and signed cookies, to further constrain access to the content following different criteria.
Another security feature of CloudFront is Origin Access Identity (OAI), which restricts access to an S3 bucket and its content to only CloudFront and operations it performs. The CloudFormation template in this blog post includes OAI to help ensure that your content is protected and restricted.
sryn101
commented
3 years ago Sorry.. I had not upgraded it to latest version.. I upgrade it and I dont see this issue any more.. thanks PHPFox
What's happened? There seems to be a high security issue with Amazon app, The app only works when we allow full public access to the bucket, in which case, anybody is able to access that bucket by just copy pasting the URLs of the images.
Steps to reproduce:
What's expected?
When you right click on one of the images on facebook and copy the image link and paste it in another tab you can see a time stamp, if you remove that or just go to folder path, it wil give an error message:: https://scontent-syd2-1.xx.fbcdn.net/v/
Browsers and Devices tested
Chrome on PC
...
Server information
php 7.1 apache
...
phpFox version
phpFox 4.8.0
...
Screenshots
...