I have flash (AIR) application running on a single controlled system (there is only one computer running it and nobody has access to it).
I will host some files on Amazon’s S3 and I need to make sure that only my flash app running locally on that computer can access those files.
I’m wondering what the best (most secure) approach would be for doing this.
My initial thought is to make the files on S3 private and store the secret key on the local computer running the flash app. Then when I needed to access the files from flash I would send out an authenticated query string with some expiration time. The only problem with this is that I don’t know how to generate the S3 signature in flash. Also I’m a little skeptical about storing the secret key on the flash machine (even though it’s a privately owned machine with no other users using it).
Is there a better approach perhaps? I have access to a server with PHP, so I could maybe use that as some kind of proxy, I’m just not sure how while keeping the file access secure and not creating a bottleneck through the web server (as opposed to direct access to S3).
Any help would be appreciated.
I would use a proxy for this so you can reuse the file retrieval architecture for any future clients you decide to create. Have the flash app authenticate to the proxy, request a file in a friendly API fashion, and then have your proxy retrieve the file from S3.