Serving resized S3 images on the fly
#6 Preventing request forgery
Secure requests against pesky hackers
If you didn’t notice — this is part of a series
Preventing users from altering the request
Imagine a 20Mb image in our AWS S3 bucket. A malicious user could grab the URL to the image and run the following script:
The effect of such an action would be disastrous for the server. Thumbnails would keep being generated until the server dies or the hard disk runs out of space. We need a way to ensure that only certain customers know how to generate a valid link.
Choosing protection method
Since the application requires unauthenticated access, this doesn’t leave us with many options. Once we publish the URL to the thumbnail on the Internet, Google will cache it, so the link itself has to be safe to share. The only way to make sure nobody has tampered with the request is to include an HMAC signature of the resize parameters directly in the URL.
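The signed-URL scheme described above, as an added example that is not code from the original post: the server signs the S3 key and the requested dimensions with a secret HMAC key and appends the signature to the query string; on every request it recomputes the signature over the received parameters and rejects any URL whose signature does not match. The secret, the `/thumb` endpoint, the parameter names (`key`, `w`, `h`, `sig`) and the sample image key are all assumptions for the example.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholder secret for the example; in a real deployment load it
# from an environment variable or a secrets manager, never from source code.
SECRET_KEY = b"replace-me-with-a-long-random-secret"


def canonical_string(key: str, width: int, height: int) -> str:
    """Fixed field order and separator so signer and verifier hash the same bytes."""
    return f"{key}|{width}|{height}"


def sign(key: str, width: int, height: int, secret: bytes = SECRET_KEY) -> str:
    """HMAC-SHA256 over the S3 key and the requested dimensions, hex encoded."""
    msg = canonical_string(key, width, height).encode("utf-8")
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def build_thumbnail_url(base: str, key: str, width: int, height: int,
                        secret: bytes = SECRET_KEY) -> str:
    """Produce a shareable URL; only the holder of `secret` can mint one."""
    query = urlencode({
        "key": key,
        "w": width,
        "h": height,
        "sig": sign(key, width, height, secret),
    })
    return f"{base}?{query}"


def verify_thumbnail_url(url: str, secret: bytes = SECRET_KEY) -> bool:
    """Recompute the signature over the received parameters and compare it
    in constant time. Any missing, malformed or altered field fails."""
    params = parse_qs(urlsplit(url).query)
    try:
        key = params["key"][0]
        width = int(params["w"][0])
        height = int(params["h"][0])
        presented = params["sig"][0]
    except (KeyError, ValueError, IndexError):
        return False
    expected = sign(key, width, height, secret)
    # compare_digest avoids leaking how many leading characters matched.
    return hmac.compare_digest(expected, presented)


if __name__ == "__main__":
    url = build_thumbnail_url("https://example.invalid/thumb", "photos/cat.jpg", 200, 200)
    print("signed url:", url)
    print("valid:     ", verify_thumbnail_url(url))
    print("tampered w:", verify_thumbnail_url(url.replace("w=200", "w=4000")))
```

Because the signature covers every resize parameter, a client cannot keep the signature and change the width, so the loop of ever-new thumbnail sizes the post warns about is cut off at the first request. A published, cached URL remains valid, which is exactly what the unauthenticated use case needs; if you ever need to expire links, add a timestamp to the canonical string and check it alongside the signature.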