Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
verdverm
on Aug 28, 2024
|
parent
|
context
|
favorite
| on:
Show HN: IPA, a GUI for exploring inner details of...
Sounds like they amay be accepting user PDFs, saving them to a bucket, and then doing processing after.
remram
on Aug 28, 2024
[–]
They trust their AWS EC2 instance doing the processing but not their AWS S3 bucket doing the storing? I don't really understand the threat model here.
And what's "
public
bucket"?
geekodour
on Aug 29, 2024
|
parent
|
next
[–]
So the model here is, first it gets uploaded to a staging bucket, a lambda/callback checks the validity of the file and then puts it into a safe bucket of which content I trust to put in my server(backend)
remram
on Aug 29, 2024
|
root
|
parent
|
next
[–]
I think maybe you are using the word "tampered" in an unusual way? To mean unsafe?
geekodour
on Aug 29, 2024
|
parent
|
prev
[–]
ah apologies again, for this specific one i meant where users from the internet are allowed to upload to. (i am using presigned urls)
Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
