So I'm building a messaging app in Cordova and I was wondering what the best approach is to secure the image files so no one else can view them. I suppose I can just generate random filenames and store them in the database, but that feels like pseudo-security. I also know that you can createPresignedRequest(), but that's for temporary files I believe. Maybe I'm missing something, but I can't figure out a good way to do this. I'm also using the PHP SDK. Not too important for scenario, but figured I'd mention it.
Asked
Active
Viewed 249 times
0
D-Marc
- 2,937
- 5
- 20
- 28
-
It is not clear what users of the app will be doing with the images. How are the images being stored on S3? Will the app display the images? You may want to look at generating a pre-signed URL for the images in question. Take a look at the documentation for the `createPresignedRequest` function. http://docs.aws.amazon.com/aws-sdk-php/v3/api/class-Aws.S3.S3Client.html#_createPresignedRequest – M3talM0nk3y Aug 11 '17 at 02:09
-
Think facebook messaging. A basic a messaging system of sending files or text messages. And `createPresignedRequest` is for temporary files – D-Marc Aug 11 '17 at 02:10
-
Let's continue the discussion in chat. https://chat.stackoverflow.com/rooms/151665/aws-sdk – M3talM0nk3y Aug 11 '17 at 02:56
-
Check the chat when you have a chance. – M3talM0nk3y Aug 11 '17 at 14:34
1 Answers
0
I also know that you can createPresignedRequest(), but that's for temporary files I believe.
Pre-signed links are temporary, but it doesn't matter if the object in S3 is.
You can either use pre-signed URLs or Amazon Cognito in combination with AWS IAM roles to grant certain users access to the files.
How it would work with Cognito is described on the following page: https://docs.aws.amazon.com/cognito/latest/developerguide/iam-roles.html
Dunedan
- 7,848
- 6
- 42
- 52