Closed dhasegan closed 9 years ago
Made the bucket private and the files routed through the app for the course documents and the course homework submissions. But the files are still uploaded to be available for everyone!
The hws and docs are uploaded to S3 with a randomly generated sha with a not-stored salt. Cannot be cracked by guessing it. Its public on S3 but no one can find the link
If course homework is uploaded to s3 then anyone can access it with the proper link. not so hard to reverse engineer something like thi.
Find a way to make it either hard to find with a token or make the part of the bucket private