Reputation: 141
Uploading objects to AWS S3 using presigned URLs
I'm looking to use the presigned URL feature to allow users of my serverless application to upload images. After reading it sounds like the perfect solution but I have a question around security.
By using the presigned URL method, the upload happens client side rather than server side and my only concern with this is despite my app requiring authentication before an upload happens it doesn't prevent a user uploading a malicious file as they could bypass by client side checks to determine whether the file is an image or not.
Does anyone have any clarification on this matter?
Thanks!
Upvotes: 1
Views: 194
Answers (1)
Reputation: 78663
Correct. If they can retrieve the pre-signed URL and bypass your client-side logic then they can upload whatever they like using that URL. If you can't completely control the client-side exposure then you can't trust client-side validation and you should implement rules server-side as well. You could use Lambda here, potentially.
Upvotes: 1
Related Questions
- React Native upload to S3 with presigned URL
- Unable to upload image file to s3 from React with Node presigned url
- How do I put object to amazon s3 using presigned url?
- Image upload to s3 using presigned url with ReactJs/NodeJS throws 403 error SignatureDoesNotMatch
- S3 presigned url file upload – nodeJS + client
- AWS S3 presigned url with React uploads empty file
- How to upload files to AWS S3 directly from the browser(Front-end) using preSigned PUT URLS in Vanilla JavaScript with Axios
- Streaming uploading to S3 using presigned URL
- How to upload a file to S3 using presigned Url with React.js
- reactJS file Upload to AWS S3