Question: Is s3rver a s3 "private" / "public" or both? #735

Open
parajbs opened this issue May 14, 2021 · 1 comment

parajbs commented May 14, 2021

Is s3rver a s3 "private" / "public" or both?

When using the clients, I can only log in with AccessKeyId / SecretAccessKey! It's OK! (safe)
But via the browser all data is publicly accessible without AccessKeyId / SecretAccessKey and can be downloaded (not safe)! Is this normal?

kherock (Collaborator) commented May 15, 2021

S3rver runs as a public bucket as it's not intended to be used as a production service for secure storage. The scope of enforcing bucket+object ACLs on a useful scale would be a large undertaking.

The existing support for signatures is only intended as a useful data integrity measure in integration testing. It only performs a simplistic authentication step. All objects are essentially stored with wildcard ACLs as there's no authorization performed for data access.
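
One way to keep unsigned browser requests away from an s3rver instance that has to listen beyond localhost, as an added example that is not part of this thread or of s3rver's code: a Node `(req, res)` handler wrapper that refuses any request carrying no AWS signature. The names `credentialKind` and `requireSignedRequest` are hypothetical, the sample requests are constructed, and the wrapper only checks that credentials are present; verifying them is left to the authentication step described above.

```javascript
// Added example, not s3rver code. Function names are hypothetical.
// Header and query parameter names are the standard AWS Signature V2/V4 ones.

// Report how a request claims to be authenticated; 'anonymous' if it carries no credentials.
function credentialKind(req) {
  const auth = String(req.headers['authorization'] || ''); // Node lowercases header names
  if (/^AWS4-HMAC-SHA256\s/.test(auth)) return 'sigv4-header';
  if (/^AWS\s/.test(auth)) return 'sigv2-header';
  const query = new URL(req.url, 'http://placeholder.invalid').searchParams;
  if (query.has('X-Amz-Signature') && query.has('X-Amz-Credential')) return 'sigv4-presigned';
  if (query.has('Signature') && query.has('AWSAccessKeyId')) return 'sigv2-presigned';
  return 'anonymous';
}

// Wrap a Node (req, res) handler so that requests with no credentials get an
// S3-style 403 and never reach the wrapped handler (for example a proxy to s3rver).
function requireSignedRequest(next) {
  return function gate(req, res) {
    if (credentialKind(req) === 'anonymous') {
      const body = '<?xml version="1.0" encoding="UTF-8"?>' +
        '<Error><Code>AccessDenied</Code><Message>Unsigned request refused</Message></Error>';
      res.writeHead(403, { 'Content-Type': 'application/xml' });
      res.end(body);
      return false;
    }
    next(req, res);
    return true;
  };
}

// Constructed sample requests (bucket, key and credential values are made up).
const SAMPLE_REQUESTS = [
  { method: 'GET', url: '/test-bucket/report.csv', headers: {} }, // plain browser request
  { method: 'GET', url: '/test-bucket/report.csv', headers: { authorization:
    'AWS4-HMAC-SHA256 Credential=EXAMPLEKEY/20210514/us-east-1/s3/aws4_request, SignedHeaders=host, Signature=0000' } },
  { method: 'GET', headers: {},
    url: '/test-bucket/report.csv?X-Amz-Credential=EXAMPLEKEY&X-Amz-Signature=0000' },
];

// Run the samples through the gate with a stub response object and
// return the HTTP status each one would receive.
function runSamples() {
  const gate = requireSignedRequest((req, res) => { res.writeHead(200); res.end(); });
  return SAMPLE_REQUESTS.map((req) => {
    const res = { status: null, writeHead(code) { this.status = code; }, end() {} };
    gate(req, res);
    return res.status;
  });
}
```

This gate is still not authorization: any request signed with the configured key pair reaches every object.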
