re: AWS Keys exposed on URL from photos on my heroku site VIEW POST

TOP OF THREAD FULL DISCUSSION
re: I think it is what I see. But if I'm not mistaken, I don't think the keys & signature should be exposed in the URL. I'll take a look at the li...
 

Here's another link about signed links as query params, which I believe is what you have! docs.aws.amazon.com/AmazonS3/lates...

In general I think only your AWS Secret Key is private and can't be shared. Since the signature here is a single use token derived from it, it's ok!

Whew. I'm relieved. But I'll still look into hiding those on the URL if they're possible. Thanks again, Corey!

code of conduct - report abuse