
I am not sure what use cases there are that require public uploads, to be honest, except running an image hosting site.

Also pretty sure nobody would try to trick the user into uploading something to your S3 bucket. But instead upload something themselves and then distribute it.

What you need to do is create a single-use policy, something like what is explained here - stackoverflow.com/a/18901867/…

Ah yes, I already generate a policy so only signed in users can upload files to our S3 buckets. And files that aren't attached to a saved database entry (e.g. a comment) are automatically pruned.

So I think things are pretty safe as is. Just wondering if there are any best practices otherwise.
