12 comments

[ 2.5 ms ] story [ 41.4 ms ] thread
When I'm reading about how he does this, it looks like it has all the app logic in client-side Javascript. That scares me from a security standpoint.
IF everything is stored somewhere on the client (including keys), what prevents someone malicious from borrowing the same keys to wreck havoc on your S3 bucket?
The secret key isn't stored in the client (I looked :P), only the AWSAccessKeyId, policy, and signature are.

The policy dictates what can be stored in the bucket, and the signature validates the policy so folks don't tamper with it.

The other key concept is that after some clients upload to a specific sub path area that is authorized for uploads, the clients can use a query string option on a GET request to list out files in that area. I suppose the website owner could have one or more administrative javascript sessions running that will periodically poll this area as just described, to process the data and upload a more compact listing for clients to retrieve.
The consumer facing side requires no access keys so he's good. The admin side does however, so the assumption is that only a select few (one person really) is responsible for administration.

You could add SimpleDB to the mix to store hash data using similar practices.

Pretty cool imho. Libraries like jquery can easily be used to create the C in MVC anyways. Model in SimpleDB, C in Jquery, and V (plus any bin files) in S3.

There is some validation logic on the server side using an S3 policy.

Base64 decode the policy input field on the postForm and you get:

  {
  "expiration": "2009-01-01T12:00:00.000Z",
  "conditions": [
    {"bucket": "vtabroadbandwiki" },
    {"acl": "private" },
    ["starts-with", "$key", ""],
    ["starts-with", "$Content-Type", "text/xml"],
  ]
  }

http://doc.s3.amazonaws.com/proposals/post.html#Access_Contr...
It would be interesting to combine this with Google Gears for offline storage too. Tougher to create something that securely shared data between users, but for a single user this could still make some powerful apps!
Static IP's are a game-changing game changer.
This is a neat trick, but not very flexible or scalable.

Basically each user is given a presigned authorization token that lets them upload certain files to their bucket. Other users only have read access to the index. The clever trick is that the key is used to store the publicly available data like the latitude and longitude.

It works out well in his case, but it's not very useful generally.