Comments (7)
It would be great ! 👍 Thanks
from react-native-aws3.
Yes, it is a better approach, at least in terms of security. I have supplied my thoughts on this in prior closed issues, mainly that I use IAM roles to create a user with as few privileges as possible so that any credential leak would have as limited impact as possible.
Specifically, I have a role that has only PutObject/PutObjectAcl to one sub directory in my S3 bucket. As far as I can tell, this means absolute worse case scenario is that the credentials could be used to overwrite existing files in that particular folder if they knew the file names (file names in my bucket have timestamps, UUIDs or both). Though it's possible I'm missing something else.
So given that, I'm not particularly concerned at the moment. That being said, I do agree that in general, this is still probably not a very safe stance to take on the matter. I built it this way so that I didn't have to deal with the complexity of making requests to a server first to generate the policies and handling any errors that could arise from those network requests. In other words, I chose simplicity/perf over potential security issues when I original built this.
All that being said, I agree this should be supported. I'm pretty sure one of the main reasons for this library having as many forks as it does is because of people who wanted this functionality. I haven't done this yet because I haven't been in React Native world lately and it'll take me some time to get this setup and tested to make sure it'll work correctly. I also wanted to have tests for this library before I kept making more changes, which I finally got around to doing this past weekend. So hopefully I'll have some time to get this rolled out shortly.
from react-native-aws3.
I ended up making something that does this and it is pretty simple. https://github.com/sebringj/siggy but your code was helpful seeing the specific AJAX post setting for "upload" that I was missing to get progress.
from react-native-aws3.
Cool, thanks.
This library currently only uses the browser based upload approach but I would like to switch over to the standard AWS Signature v4 signing which is more flexible. I have a branch on this repo from a while back that was attempting to get that working but ran out of time before I got it fully working. That would allow us to get/put/delete objects rather than only upload. When I have that working, I can also extract the policy generation module which is already pretty standalone within this repo, and then it could be used on the server with node.
from react-native-aws3.
thanks, that sounds good. I do use this in my React Native app zipstory (ios only right now) and I just upload videos and images directly to S3 via the device after presigning so it avoids server congestion. You can just set headers and works regardless of if browser or not but will be better to do updated way as you suggest.
from react-native-aws3.
+1
from react-native-aws3.
+1
from react-native-aws3.
Related Issues (20)
- Mulitple upload HOT 2
- I have only identityPoolId. So, what should I do? is this library support?
- File Upload Dont work in Android HOT 3
- A server with the specified hostname could not be found. HOT 2
- How use Amazon S3 Transfer Acceleration
- postResponse null issue HOT 1
- How to upload multiple files? `Solution`
- Write error: ssl=0x752c77f708: I/O error during system call, Broken pipe
- {"headers": {}, "status": 0, "text": "Stream Closed"} HOT 13
- How to access(get uploaded file) the private bucket in aws s3 repo ?
- Unable to upload video when bucket name contains dots eg. domain names
- FormData and XMLHttpRequest are not defined
- Google play - Leaked AWS credentials HOT 1
- Failed to upload image to S3
- Abort upload HOT 2
- Stream Closed HOT 10
- Error :- read failed: EBADF (Bad file descriptor) when upload image. HOT 2
- Check s3 folder size through RNS3
- Is this going to be affected by AWS’s Move to Its Own Certificate Authority?
- In Android its not working HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from react-native-aws3.