Security issue with using Amazon AWS app #2927

Open
sryn101 opened this issue Jul 9, 2020 · 4 comments

Comments

@sryn101

sryn101 commented Jul 9, 2020

What's happened?
There seems to be a high-severity security issue with the Amazon app. The app only works when we allow full public access to the bucket, in which case anybody is able to access that bucket by just copy-pasting the URLs of the images.

Steps to reproduce:

  1. Upload an image
  2. Right click on the image to copy the image path
  3. Remove the image name, and with the rest of the path anybody can see a list of all the images uploaded.

What's expected?

When you right-click on one of the images on Facebook, copy the image link and paste it in another tab, you can see a timestamp. If you remove that, or just go to the folder path, it will give an error message:
https://scontent-syd2-1.xx.fbcdn.net/v/

Browsers and Devices tested

Chrome on PC

...

Server information

PHP 7.1, Apache

...

phpFox version

phpFox 4.8.0

...

Screenshots

...

@PhpFoxJohnJr

Is this still happening?

@sryn101
Author

sryn101 commented Jul 2, 2021

Yes, it is.

@PhpFoxJohnJr

Sorry for the lack of understanding, as I am looking into using S3 and your bug report scares me, because my site depends on the privacy of images. Are you using CloudFront? Here is what I found about CloudFront:

Securing Your Content

Often, companies that distribute content over the internet want to restrict access to documents, business data, media streams, or other content so that only selected users, like paying customers, can request it. By using CloudFront, we can set up additional access restrictions like geo-restrictions, signed URLs, and signed cookies, to further constrain access to the content following different criteria.

Another security feature of CloudFront is Origin Access Identity (OAI), which restricts access to an S3 bucket and its content to only CloudFront and operations it performs. The CloudFormation template in this blog post includes OAI to help ensure that your content is protected and restricted.
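The report above hinges on one distinction that the CloudFront text only touches indirectly: a bucket policy that grants s3:ListBucket on the bucket ARN to everyone lets a stranger enumerate every key, while a policy that grants only s3:GetObject on the object ARNs leaves each image reachable by its exact URL but makes the "remove the file name and browse the folder" step fail. The script below is an added example, not code from phpFox or from the AWS blog quoted above. It builds three constructed bucket policies (the "full public access" shape the report describes, a public-objects-only variant, and an origin-access-identity-only variant) and audits each for what an unauthenticated caller can do. The bucket name and the OAI identifier are placeholders, not values from the issue.

```python
"""Audit S3 bucket policies for anonymous listing versus anonymous object reads."""
import json

# Assumed bucket name for the worked example; the issue names no bucket.
BUCKET = "example-media-bucket"


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    """True when a statement applies to everyone: Principal "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def _matches(patterns, target):
    """Case-insensitive match of an action or ARN against policy patterns.

    Handles exact values and trailing-'*' wildcards ("*", "s3:*", "s3:List*",
    "arn:aws:s3:::bucket/*"), which is how S3 policies are normally written.
    """
    target = target.lower()
    for pattern in _as_list(patterns):
        pattern = pattern.lower()
        if pattern == target:
            return True
        if pattern.endswith("*") and target.startswith(pattern[:-1]):
            return True
    return False


def anonymous_grants(policy_json, bucket):
    """Return {"can_list": bool, "can_get": bool} for unauthenticated callers.

    Conservative by design: a statement carrying a Condition is still counted,
    explicit Deny statements are not subtracted, and NotPrincipal/NotAction
    forms are not interpreted, so the result is an upper bound for review.
    """
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = f"{bucket_arn}/any-key"  # representative object key
    grants = {"can_list": False, "can_get": False}
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        actions, resources = stmt.get("Action"), stmt.get("Resource")
        # ListBucket is evaluated against the bucket ARN, GetObject against object ARNs.
        if _matches(actions, "s3:ListBucket") and _matches(resources, bucket_arn):
            grants["can_list"] = True
        if _matches(actions, "s3:GetObject") and _matches(resources, object_arn):
            grants["can_get"] = True
    return grants


# Constructed: the "full public access" policy the bug report describes.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
    }],
})

# Constructed: objects stay fetchable by their exact URL, but the bucket cannot be listed.
PUBLIC_OBJECTS_ONLY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{BUCKET}/*",
    }],
})

# Constructed: only the CloudFront origin access identity may read; nothing is anonymous.
# The OAI id below is a placeholder, not a real identity.
OAI_ONLY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EXAMPLEOAIID"},
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{BUCKET}/*",
    }],
})


def audit_all():
    """Audit the three constructed policies; returns a name -> grants mapping."""
    policies = {"weak": WEAK_POLICY, "objects_only": PUBLIC_OBJECTS_ONLY_POLICY, "oai_only": OAI_ONLY_POLICY}
    return {name: anonymous_grants(body, BUCKET) for name, body in policies.items()}


if __name__ == "__main__":
    for name, grants in audit_all().items():
        print(f"{name:13s} anonymous list={grants['can_list']} anonymous get={grants['can_get']}")
```

The check only reads the bucket policy; a bucket or object ACL of public-read, or a missing S3 Block Public Access setting at the account level, can open the same doors and has to be checked separately. The objects-only policy is the minimum that keeps the application working with direct S3 URLs while defeating the enumeration step in the report; moving to the OAI-only policy behind CloudFront with signed URLs is what gives the expiring-link behaviour the reporter compares to Facebook.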

@sryn101
Author

sryn101 commented Jul 3, 2021

Sorry, I had not upgraded it to the latest version. I upgraded it and I don't see this issue any more. Thanks, phpFox.
