Are s3cmd credentials secure over Internet if not using HTTPS?

2014-07-06
2014-07-08
  • Open eSignForms

    Open eSignForms - 2014-07-06

    We encrypt the files we transfer to S3, so HTTPS is not required for the files, but are the authentication credentials sent over HTTPS even if the file transfers are not? Clearly, we want our credentials to be secure even if the file transfers are not.

     
  • Michal Ludvig

    Michal Ludvig - 2014-07-08

    Hi
    yes S3 (and most other Amazon AWS services for that matter) use a time-based token derived from your access and secret keys. These tokens are good only for the exact request they were generated for and expire after a few minutes. Your secret key is never send in plain text with the request.
    M.

     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks