1 Answer
0
I would think you would want to do file type validation and possibly limit max size in your Flutter application.
Are you using Amplify or the straight API? Here is a link to the Amplify Flutter docs for uploading files. It might help.
https://docs.amplify.aws/lib/storage/upload/q/platform/flutter/
I would always opt for a bucket policy that is secure and any public bucket should probably be behind a CloudFront distribution.
I just tried this policy and it still allowed me to upload non-jpg file types:
{
  "Version": "2012-10-17",
  "Id": "Policy1464968545158",
  "Statement": [
    {
      "Sid": "Stmt1464968483619",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111111111111:assumed-role/MyRole/MyUser"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*.jpg",
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "true"
        }
      }
    }
  ]
}
answered 6 months ago
My Flutter team decided to use Firebase and they would like to stick with it and not use AWS technologies at all. That is why I am using the API by generating a presigned URL from the backend. Doing validation in the mobile app sounds reasonable, but is it keeping me from abusive users? My intuition tells me no, but maybe I am wrong?
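Added example, not part of the thread above and not code from any poster: when the backend issues the upload credentials, it can hand out a presigned POST instead of a presigned PUT URL, because the S3 POST policy lets the server pin the object key, the declared Content-Type, and a `content-length-range` that S3 itself enforces. The function names, the 5 MiB cap and the JPEG-only rule are assumptions for illustration; `would_accept` is only a local approximation of S3's policy check so the behaviour can be tested offline.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timedelta, timezone

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def presigned_post(bucket, key, access_key, secret_key, region,
                   max_bytes=5 * 1024 * 1024, now=None, ttl=300):
    """Build SigV4 form fields for an S3 POST upload (hypothetical helper)."""
    now = now or datetime.now(timezone.utc)
    date, amz_date = now.strftime("%Y%m%d"), now.strftime("%Y%m%dT%H%M%SZ")
    credential = f"{access_key}/{date}/{region}/s3/aws4_request"
    policy = {
        "expiration": (now + timedelta(seconds=ttl)).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "conditions": [
            {"bucket": bucket},
            {"key": key},                            # backend chooses the key
            {"Content-Type": "image/jpeg"},          # declared type must match
            ["content-length-range", 1, max_bytes],  # size cap enforced by S3
            {"x-amz-algorithm": "AWS4-HMAC-SHA256"},
            {"x-amz-credential": credential},
            {"x-amz-date": amz_date},
        ],
    }
    policy_b64 = base64.b64encode(json.dumps(policy).encode()).decode()
    k = _hmac(("AWS4" + secret_key).encode(), date)   # SigV4 signing key chain
    for part in (region, "s3", "aws4_request"):
        k = _hmac(k, part)
    signature = hmac.new(k, policy_b64.encode(), hashlib.sha256).hexdigest()
    return {"key": key, "Content-Type": "image/jpeg",
            "x-amz-algorithm": "AWS4-HMAC-SHA256", "x-amz-credential": credential,
            "x-amz-date": amz_date, "policy": policy_b64, "x-amz-signature": signature}

def would_accept(fields, form, size):
    """Local approximation of S3's policy evaluation, for offline testing only."""
    policy = json.loads(base64.b64decode(fields["policy"]))
    for cond in policy["conditions"]:
        if isinstance(cond, dict):
            (name, want), = cond.items()
            if name != "bucket" and form.get(name) != want:
                return False
        elif cond[0] == "content-length-range" and not cond[1] <= size <= cond[2]:
            return False
    return True
```

The policy constrains only what the client declares (key, Content-Type) and the byte count; the bytes themselves still need a server-side check after upload before the object is treated as an image.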