I'm planning to add 'file upload' functionality to my flex app, which will let users upload files from their machines to a server. I have a rough plan (below) which I'd like to sanity check before I implement it, and ask "is there a better way"...?
Requirements =========== 1. Any signed-in user can upload a file 2. All uploaded files cannot be read nor deleted by any user (read and delete only by admin) 3. Needs to be able to handle fairly big files (1-100 MB) 4. Doesn't expose my storage server to anonymous uploads I currently use Google App Engine as the backend for the rest of my app, but it is not friendly towards big files, so that is a no go for this. So I'm thinking of using Amazon S3, as follows: a. user selects file b. construct request string c. send request string to GAE server, which returns my signature for that request (means that my secret key must reside on GAE, but not in the SWF) d. send signed request to Amazon S3. Questions ======== 1. Is there a better way / better service? 2. Am i right to be paranoid about no putting my secret key in the SWF? 3. Does this sounds like a sensible solution? Anyone tried such a thing? thanks tom
