I would like to move to cloud storage. My app currently serves private assets from a local hard drive, and only for authenticated users (password login + user session).
Using cloud storage, I cannot find a way to prevent an unauthenticated user from accessing a private asset, as my app now generates a URL of the following form:
https://S3_URL(not controlled by me thus problematic)/MY_FILE ?X-Amz-Algorithm=XXX &X-Amz-Credential=XXX &X-Amz-Date=XXX &X-Amz-Expires=900 &X-Amz-SignedHeaders=host &X-Amz-Signature=XXX
Anybody having access to this URL can now access the private resource (leakage of data via URL sharing is now possible)
I understand this isn’t a shrine specific problem, I’m mainly confused and looking for advise/ideas on how to prevent this.
Thanks for any feedback