Page 1 of 1
S3 Upload
Posted: Sun Jan 27, 2008 9:13 pm
by import
Can I use the JS3Upload applet and hide the secret key in code? I would like to use it for a self-service media upload site. End users can upload their videos to the site. Videos would be stored in S3. I can't give end users the AWS key and secret key.
How can this be done?
Re: S3 Upload
Posted: Sun Jan 27, 2008 9:14 pm
by import
Yes, but you need source code to hardcode the secret key. And you need to rebuild the applet (JFileUpload + JS3Upload add-on) and resign it.
Do you have Java skills to do it ?
Re: S3 Upload
Posted: Sun Jan 27, 2008 9:15 pm
by import
No, we do not have Java developers. Thanks for the info.
Re: S3 Upload - AWS Secret key not needed
Posted: Sun May 25, 2008 6:37 pm
by support
Since version 2.1 we have a solution to avoid exposing AWS secret key. It is based on the new S3 HTML POST feature. It's now possible to generate a policy parameter an sign it. The policy document includes rules for upload (bucket name, acl ...). You sign this document with your AWS id + secret key. Then you just need to pass both policy and signature to applet as parameters. The policy document includes an expiration date. We provide a policy generator at:
http://www.jfileupload.com/products/js3 ... rator.html