Questions tagged [amazon-s3]
For questions about securing data stored in Amazon S3 (Amazon Simple Storage Service), vulnerabilities associated with it, mitigating the risks, etc.
54 questions
1 vote, 1 answer, 124 views
Is it safe to store harmful files to storage like AWS S3?
I am new to security topics, please don't assume knowledge and spare no details if you're able to answer my questions.
I am trying to design a system that performs the basic functionality of ...
1 vote, 0 answers, 124 views
Prevention of access to user data running on the cloud
I am building a web-based software as a service (SaaS) platform for engineering simulations that run on the cloud, and wish to prevent my access to user data by design. The user designs a 3D geometry (...
2 votes, 0 answers, 94 views
AWS sub-accounts to protect against deletion of versioned data in S3
How can administration teams (or software processes) be granted the ability to alter or remove objects from AWS S3, while prohibiting the permanent deletion of underlying data versions, so as to ...
0 votes, 1 answer, 528 views
After creating an AWS user for S3 access with access key and secret key, how do I share these with the user?
I have a private S3 bucket. I want a user from an external organisation to have access.
I have added a user in IAM. How does this external user get notified and how do I share credentials?
The secret ...
0 votes, 1 answer, 225 views
Sharing a text file via Amazon S3 link with random words numbers [duplicate]
I would like to share a csv file to two or more separate computers/users. They would be running our software program which reads this text file. This is just an initial idea, for feedback please.
To make ...
0 votes, 1 answer, 2k views
How hard to hack are S3 Last-Modified timestamps?
Context: There are many reasons for wanting a very trustworthy timestamp on a document, as discussed in many other questions here such as this one I wrote in 2010. E.g., in an election auditing ...
0 votes, 0 answers, 451 views
Risks of web crawlers on public buckets
So I have some data that isn't overly sensitive, but I'm still on the fence on whether or not we should invest the additional time into managing it as a private resource, vs just publicly available.
...
1 vote, 2 answers, 513 views
How to manage Encryption Key for Server Side Encryption in AWS S3
I need to encrypt personal data like email, phone number, etc. I am using AWS KMS for managing the encryption keys. The system that is already implemented is as follows:
All the existing data ...
1 vote, 2 answers, 3k views
Amazon AWS S3 Unrestricted File Upload
While I was pentesting a web application, I found out that files that are uploaded to the web application are stored in an AWS S3 instance. Based on my experience, when a web application needs to ...
0 votes, 0 answers, 275 views
Server Upload to presigned URL
I am writing a ReST service which enables a user to get a tar archive of a set of requested documents. When the request succeeds, the service should upload the file to a pre-signed URL that points to an ...
1 vote, 1 answer, 317 views
Does adding a randomized string in S3 file path have equal security to Google Drive shared link
I would like to use an AWS S3 bucket to store my IoT firmware file and allow all of my IoT devices to access it to update the firmware to the latest version.
I want that the firmware file in the S3 ...
0 votes, 2 answers, 456 views
No SSL between Cloudflare and S3 static site. A big security issue?
So I have an S3 static website. Domain, DNS and proxy is managed via Cloudflare. Cloudflare is set to communicate with browsers using SSL and it in fact enforces SSL for non-SSL requests. However, ...
0 votes, 0 answers, 464 views
DigitalOcean Spaces for personal backups
Sorry for the naive question.
I wonder how DigitalOcean Spaces (S3 compatible) fits personal backups.
I found a lot of information about the security of Amazon S3 and its security is undoubted, however, ...
1 vote, 0 answers, 165 views
Is using randomized filenames a good way to secure data stored in a product like S3?
If I want to use an S3 clone to host something somewhat sensitive (probably DigitalOcean, since it's cheapest and probably has a perfectly good quality), is it sensible to do it this way:
https://...
1 vote, 1 answer, 1k views
Is the Amazon S3 Pre-Signed URL protected from brute force attack?
I want to know whether Amazon S3 Pre-Signed URL is protected from brute force attack.
For example, if I am the only person who knows the Pre-signed URL, is it extremely unlikely that somebody use ...