I have several PDF files stored in Amazon S3. Each file is associated with a user and only the file owner can access the file. I have enforced this in my download page. But the actual PDF link points to an Amazon S3 URL, which is accessible to anybody.
How do I enforce the access-control rules for this URL? (Without making my server a proxy for all the PDF download links.)
I would suggest using Amazon S3’s authenticated REST URLs with an expiration date. They allow temporary, expiring access to a non-public S3 object.
That said, if they’re going to share the URL, what’s stopping them from sharing the file itself?
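The approach suggested in the answer, as an added example that is not part of the original post: the download page runs its owner check, then returns a URL that S3 accepts only for a few minutes. It assumes Signature Version 4 query-string signing, built here with the standard library; the credentials, bucket, region, `DOCS` table and function names are placeholders.

```python
import datetime
import hashlib
import hmac
from urllib.parse import quote

# Placeholders (assumptions): substitute real credentials, region and bucket.
ACCESS_KEY, SECRET_KEY = "AKIAEXAMPLEPLACEHOLDER", "example-secret-placeholder"
REGION, BUCKET = "us-east-1", "example-private-bucket"
# Constructed sample data: document id -> (owner, S3 key); a real app reads its database.
DOCS = {"doc-1": ("alice", "reports/alice/2024 statement.pdf")}

def _enc(s):
    return quote(s, safe="-_.~")  # SigV4 URI encoding for query names and values

def presign_get(bucket, key, secret_key, expires, now):
    """Build a SigV4 query-signed GET URL that S3 rejects after `expires` seconds."""
    host = f"{bucket}.s3.{REGION}.amazonaws.com"
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    scope = f"{amz_date[:8]}/{REGION}/s3/aws4_request"
    path = "/" + quote(key, safe="/-_.~")
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{ACCESS_KEY}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    query = "&".join(f"{_enc(k)}={_enc(v)}" for k, v in sorted(params.items()))
    canonical = "\n".join(["GET", path, query, f"host:{host}", "", "host", "UNSIGNED-PAYLOAD"])
    digest = hashlib.sha256(canonical.encode()).hexdigest()
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope, digest])
    k = ("AWS4" + secret_key).encode()  # derive the signing key step by step
    for part in (amz_date[:8], REGION, "s3", "aws4_request"):
        k = hmac.new(k, part.encode(), hashlib.sha256).digest()
    sig = hmac.new(k, to_sign.encode(), hashlib.sha256).hexdigest()
    return f"https://{host}{path}?{query}&X-Amz-Signature={sig}"

def download_link(user, doc_id, now=None):
    """Run the download page's owner check, then issue a 5-minute link."""
    owner, key = DOCS[doc_id]
    if user != owner:
        raise PermissionError(f"{user} does not own {doc_id}")
    now = now or datetime.datetime.now(datetime.timezone.utc)
    return presign_get(BUCKET, key, SECRET_KEY, 300, now)
```

The object itself has to stay non-public; otherwise the plain URL keeps working and the expiry means nothing.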