

AWS S3 The security of a signed URL as a hyperlink

Question:

Tag: security,hyperlink,amazon-s3,download

Is this safe? Maintaining security using a pre-signed url with AWS S3 Bucket object?

<a href="https://mywebsite.s3.amazonaws.com/40.pdf?AWSAccessKeyId=[my access key]&Expires=1433297453&Signature=[this random set of numbers]">my link</a>

In other words - part 1...

Say I'm storing a bunch of separate individuals' files in a bucket. I want to provide a link to a file for a user. Obviously, each file is uniquely but consecutively named, and I don't want people to be able to change the link from 40.pdf to 30.pdf and get a different file. This URL seems to do that.

Part 2, and more importantly...

Is this safe, or is it a dangerous method of displaying a URL in terms of the security of my bucket? Clearly, I will be giving away my "access key" here, but of course, not my "secret".

Already answered 3 years ago... sorry. How secure are Amazon AWS Access keys?


Answer:

AWS Security Credentials are used when making API calls to AWS. They consist of two components:

A Signed URL is a method of granting time-limited access to an S3 object. The URL contains the Access Key and a Signature, which is a one-way hash calculated from the object, expiry time and the Secret Key.

A Signed URL is safe because:

However, anyone can use the URL during the valid time period. So, if somebody Tweets the URL, many people could potentially access the object until the expiry time. This potential security threat should be weighed against the benefit of serving traffic directly from Amazon S3 rather than having to run your own web servers.
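The signature check described in the answer, worked through as an added example (not code from the original post or from AWS). It uses the legacy query-string form shown in the question's URL (AWSAccessKeyId, Expires, Signature); the keys are constructed values and verify() is only a model of the server-side check.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, quote, unquote, urlsplit

# Constructed credentials for illustration only (not real keys).
ACCESS_KEY = "AKIAEXAMPLEEXAMPLE00"
SECRET_KEY = b"constructed-secret-key-never-sent-to-clients"
BUCKET = "mywebsite"


def _signature(secret, key, expires):
    # String to sign for a plain GET with query-string authentication:
    # verb, Content-MD5 (empty), Content-Type (empty), Expires, resource path.
    string_to_sign = f"GET\n\n\n{expires}\n/{BUCKET}/{key}"
    digest = hmac.new(secret, string_to_sign.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def presign(key, expires):
    """Build the link handed to the user; only the access key ID is exposed."""
    sig = quote(_signature(SECRET_KEY, key, expires), safe="")
    return (f"https://{BUCKET}.s3.amazonaws.com/{quote(key)}"
            f"?AWSAccessKeyId={ACCESS_KEY}&Expires={expires}&Signature={sig}")


def verify(url, now):
    """Model of the server-side check: 'ok' or the reason the request is refused."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        access_key = query["AWSAccessKeyId"][0]
        expires = int(query["Expires"][0])
        presented = query["Signature"][0]
    except (KeyError, ValueError):
        return "malformed"
    if access_key != ACCESS_KEY:
        return "unknown access key"
    # Recompute the signature from what the request actually asks for.
    key = unquote(parts.path.lstrip("/"))
    expected = _signature(SECRET_KEY, key, expires)
    if not hmac.compare_digest(expected, presented):
        return "signature mismatch"
    if now > expires:
        return "expired"
    return "ok"


if __name__ == "__main__":
    link = presign("40.pdf", 1433297453)
    # Valid for anyone who holds the link until it expires.
    print(verify(link, now=1433297000))
    # Renaming the object or extending the expiry breaks the signature.
    print(verify(link.replace("40.pdf", "30.pdf"), now=1433297000))
    print(verify(link.replace("Expires=1433297453", "Expires=1999999999"),
                 now=1433297000))
    # The untouched link stops working after the expiry time.
    print(verify(link, now=1433297454))
```
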

