The module contains a huge vulnerability since the AWS request signing endpoint is open to the public. This PR aims to make it a bit harder to exploit the signing endpoint by validating a user's authentication before signing requests, and by documenting some of the shortcomings and suggesting a bit more secure configuration in README.
The module contains a huge vulnerability since the AWS request signing endpoint is open to the public. This PR aims to make it a bit harder to exploit the signing endpoint by validating a user's authentication before signing requests, and by documenting some of the shortcomings and suggesting a bit more secure configuration in README.