I have a Flash/Flex app that lets users upload a file to AWS S3. I have it working, but I want to run it by a few folks to see if there is a better way, and checker whether there might be any security issues.
1. User selects file 2. flash connects to GAE, gets new ID (sequential) 3. flash uses ID to build a policy file 4. flash base64s the policy, then sends it to GAE 5. GAE (which has my S3 Secret Key stored in a .py file) calculates the signature, base64s it, and returns it to flash in a URL variable 6. flash POSTs the file to S3 using the policy and signature (bucket is only accessible by 'me') Any better ideas? Any security issues? Safe to store the S3 Secret Key in a .py file on GAE? thanks tom --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
