We encrypt the files we transfer to S3, so HTTPS is not required for the files, but are the authentication credentials sent over HTTPS even if the file transfers are not? Clearly, we want our credentials to be secure even if the file transfers are not.
yes S3 (and most other Amazon AWS services for that matter) use a time-based token derived from your access and secret keys. These tokens are good only for the exact request they were generated for and expire after a few minutes. Your secret key is never send in plain text with the request.
Sign up for the SourceForge newsletter:
You seem to have CSS turned off.
Please don't fill out this field.