Open tremby opened 8 years ago
I confirm that the current implementation does not allow limiting an upload to a particular filename. You can mitigate this with strict policies on Amazon. I will try to have a look, as I've got the same need :P
Evaporate (https://github.com/TTLabs/EvaporateJS) solves this particular issue by doing all signing on the server side.
I've been using that package.
I can see that doing all the signing on the client side would lessen the load on the application server significantly, but for me having a malicious user able to change the upload destination is a dealbreaker.
I wonder if there would be any way to produce a new policy on the server side for a particular upload which allows uploading to only a particular key (which could also be dictated or enforced by the server side in the same call), and signing this policy for the client side to then use?
I may be missing something, but it doesn't look like the upload destination (S3 key) is enforced at all. Am I right that a user given a signature by this could upload to any location in the S3 bucket, as far as it's allowed by the bucket policy?
Would a user then be able to overwrite a file uploaded by another user?
What would it take to give a user a particular location they're allowed to upload to, such that they can't change this without requesting another signing key?
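One way to do what the thread asks for, shown as an added example that is not part of the thread or of the library under discussion: the server builds an S3 POST policy whose `eq $key` condition names exactly one object key, then signs it with Signature Version 4 so the browser only ever receives the signature. The function names, bucket, key and credentials below are constructed placeholders.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timedelta, timezone

def hmac_sha256(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign_policy(secret_key, date, region, policy_b64):
    # SigV4 key derivation: secret -> date -> region -> service -> "aws4_request"
    k = hmac_sha256(("AWS4" + secret_key).encode(), date)
    for part in (region, "s3", "aws4_request"):
        k = hmac_sha256(k, part)
    return hmac_sha256(k, policy_b64).hex()  # string-to-sign is the base64 policy

def presign_post(access_key, secret_key, region, bucket, key, max_bytes, now=None, ttl=300):
    """Return the form fields for one browser upload to exactly `key`."""
    now = now or datetime.now(timezone.utc)
    date, amz_date = now.strftime("%Y%m%d"), now.strftime("%Y%m%dT%H%M%SZ")
    credential = f"{access_key}/{date}/{region}/s3/aws4_request"
    policy = {
        "expiration": (now + timedelta(seconds=ttl)).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "conditions": [
            {"bucket": bucket},
            ["eq", "$key", key],  # exact match: the server, not the client, picks the key
            ["content-length-range", 0, max_bytes],
            {"x-amz-algorithm": "AWS4-HMAC-SHA256"},
            {"x-amz-credential": credential},
            {"x-amz-date": amz_date},
        ],
    }
    policy_b64 = base64.b64encode(json.dumps(policy).encode()).decode()
    return {
        "key": key,
        "policy": policy_b64,
        "x-amz-algorithm": "AWS4-HMAC-SHA256",
        "x-amz-credential": credential,
        "x-amz-date": amz_date,
        "x-amz-signature": sign_policy(secret_key, date, region, policy_b64),
    }

def pinned_key(policy_b64):
    """Return the single key an encoded policy is locked to, or None."""
    for cond in json.loads(base64.b64decode(policy_b64))["conditions"]:
        if isinstance(cond, list) and cond[:2] == ["eq", "$key"]:
            return cond[2]
    return None

# Constructed sample values; a real server would derive the key from the
# authenticated user plus a random component so uploads cannot collide.
FIELDS = presign_post("AKIDEXAMPLE", "constructed-secret", "us-east-1",
                      "example-bucket", "uploads/user-42/3f2a/report.pdf", 10 * 1024 * 1024)
```

The browser sends these fields unchanged in the multipart POST to the bucket, followed by the file. Changing `key` fails the policy's `eq` condition, and changing the policy invalidates the signature, so a different destination requires a new request to the server.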