Rohit
2007-Oct-24 00:43 UTC
how to limit Amazon S3 access to my app''s pages only (i.e. no hot-linking) ?
Hey there, I want to stream my app''s media from Amazon S3. I''ve gotten the basics down, having uploaded files, set their permissions for public access, and now can use their S3 URLs wherever I need them. My question is this: can I restrict access to my S3 files to only within the context of the pages that my application serves? I want to avoid people just looking at the source from the browser and downloading my content, i.e. hot-linking. Can I make my app be the only authorized requester of files? I know I can create expiring links with S3, and use ''Query String Authentication'', but I am unsure how either technique would help me. it also doesn''t seem that S3''s ACL can work for me, either. Right now, I have fields in my DB that contain the URLs for my content that are just written in HTML to the pages. Any ideas? Thanks so much for any help or insights. -Rohit --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Rohit
2007-Oct-24 16:47 UTC
Re: how to limit Amazon S3 access to my app''s pages only (i.e. no hot-linking) ?
I found this post on the S3 developer forums that sheds some light on this issue: http://developer.amazonwebservices.com/connect/thread.jspa?messageID=62081 On Oct 23, 5:43 pm, Rohit <rohi...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Hey there, > > I want to stream my app''s media from Amazon S3. I''ve gotten the > basics down, having uploaded files, set their permissions for public > access, and now can use their S3 URLs wherever I need them. > > My question is this: can I restrict access to my S3 files to only > within the context of the pages that my application serves? I want to > avoid people just looking at the source from the browser and > downloading my content, i.e. hot-linking. Can I make my app be the > only authorized requester of files? > > I know I can create expiring links with S3, and use ''Query String > Authentication'', but I am unsure how either technique would help me. > it also doesn''t seem that S3''s ACL can work for me, either. Right > now, I have fields in my DB that contain the URLs for my content that > are just written in HTML to the pages. > > Any ideas? Thanks so much for any help or insights. > > -Rohit--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---