Can I use the JS3Upload applet and hide the secret key in code? I would like to use it for a self-service media upload site. End users can upload their videos to the site. Videos would be stored in S3. I can't give end users the AWS key and secret key.
How can this be done?
S3 UploadRe: S3 UploadYes, but you need source code to hardcode the secret key. And you need to rebuild the applet (JFileUpload + JS3Upload add-on) and resign it.
Do you have Java skills to do it ? Re: S3 UploadNo, we do not have Java developers. Thanks for the info.
Re: S3 Upload - AWS Secret key not neededSince version 2.1 we have a solution to avoid exposing AWS secret key. It is based on the new S3 HTML POST feature. It's now possible to generate a policy parameter an sign it. The policy document includes rules for upload (bucket name, acl ...). You sign this document with your AWS id + secret key. Then you just need to pass both policy and signature to applet as parameters. The policy document includes an expiration date. We provide a policy generator at:
http://www.jfileupload.com/products/js3 ... rator.html |