June 3, 2012 at 5:08 pm #6501
I have one SECURITY concern with the S3 integration. Maybe I missed a config in the instructions or videos?
In migrating to AWS S3 for my digital downloads storage I noticed when the digital download filetype is any one of the ones a browser can open directly rather than having to download it like a pdf, it exposes the AWS Security Credentials (AccessKeyID and Signature) in the URL of the opened file instead of masking them with the encrypted URL link or some other AWS URL.
Is this an S3 config item, eStore config, or just the way it is? Is there a fix or workaround?
I am going to have to revert back until this issue is resolved.June 3, 2012 at 5:48 pm #45830wzpModerator
Please see this thread, for an explanation, starting at the second post…June 3, 2012 at 6:49 pm #45831
Thanks for that T&T Link (BTW maybe it could have an S3 Tag added for searchability).
I don’t know what is happening behind the scenes on the Get Request and I know very little about S3 but it appears eStore is using a Signed URL method because it allows for it to be Time Limited. The trade off though it sacrifices securityeven if the credentials are ‘public’ which is contrary to S3 security best practices. It likely also means they are passing in clear text from eStore to AWS as part of the URI Get Request.
If you do go back in to tweak the S3 Integration to strip out the credentials in the URL it would be nice if you could add support for using a Virtual Host name from a field in the S3 Config of eStore (like My Domain) or the Bucket Name.
Thanks again for the help – on Sunday no less!June 3, 2012 at 7:32 pm #45832wzpModerator
As a 30 year information security professional, I assure you that use of AWS signed/expiring URL is secure. The signature is a one way hash, that requires knowledge of your AWS Secret Key to recreate. The only practical way for the signature to be forged is to hack your server and get **both** the public **AND** secret AWS key values from your WordPress database.
Per the documentation, the S3 integration already does support CNAME DNS aliases.June 4, 2012 at 2:57 pm #45833
WZP – Everything is working great since the changes. Fast downloads, no empty files or errors and I am very comfortable with the security workaround.
- You must be logged in to reply to this topic.