joonhocho
commented
8 years ago There's already a repo that does that https://github.com/tj/node-s3-policy, but it's not being maintained and it's for v2, not v4 signature.
Closed joonhocho closed 8 years ago
joonhocho
commented
8 years ago There's already a repo that does that https://github.com/tj/node-s3-policy, but it's not being maintained and it's for v2, not v4 signature.
joonhocho
commented
8 years ago I created a repo with little refactoring to the code. https://github.com/joonhocho/s3-policy-v4
benjreinhart
commented
8 years ago Hey @joonhocho,
Thanks for your interest. I don't believe it's necessarily a bad idea so long as you're not sending over your root account credentials or credentials that otherwise have read/write access to protected resources that you don't want to be public. AWS has IAM user & permissions which you can use to create a user with certain permissions and then you can bundle that user's access key and secret key with your app. For my projects, I created a user who has as little permissions as possible. In my case, the IAM user has can only GetObject and PutObject to one specific directory which is essentially a public directory anyways. Other than that, our IAM user cannot access anything.
If you'd like to create those permissions on the server that's great, I believe there are many libraries out there that accomplish that in addition to the one you extracted from this library, including Amazon's own node SDK. However, I do not wish to perform an extra API call every single time I suspect a user is about to upload a photo and additionally my server is not in written in Node.
joonhocho
commented
8 years ago Thanks for your answer! I have a question. If you bundle your IAM's access key and secret key together with your app, couldn't hackers get an access to those values and abuse them?
benjreinhart
commented
8 years ago I'm sure there is a way, though I'm no expert. My guess is that would maybe require some reverse engineering, although perhaps not as much as if it was bundled with code that was compiled to a binary (don't believe the JS bundle is compiled before being shipped).
I'm not the best person to ask for this. All I know is that I only ship credentials that would have relatively low impact if they were to fall into the wrong hands. In general, I'm sure it's still best practice to do this on server. I'll consider adding better support for server side generation of policies.
joonhocho
commented
8 years ago I agree with you. Thanks!
First, fantastic work and very clean source! Thanks for your work! As far as I know, it's not a good idea to put your api key in the client side source. It's better to have your server sign a policy and send it to the client for each upload. So I think it would be nice to factor out S3Policy module into a separate repo so that server can use it. What are your thoughts?