Wednesday, October 14, 2015

How to prevent brute force file downloading on S3?

I'm storing user images on S3 which are readable by default.

I need to access the images directly from the web as well.

However, I'd like to prevent hackers from brute forcing the URL and downloading my images.

For example, my S3 image URL is at http://ift.tt/1jyOQAd

Can they brute-force test and download all the contents?

I cannot set the items inside my buckets to be private because I need to access them directly from the web.

Any idea how to prevent it?



