I want to implement image uploading in my web application which has backend in java and frontend in javasciprt/jquery/html/css and uploading on amazon s3.
I can see Fine-uploader generating a highly randomized key for a file and get that key signed by passing it to signature end point (along with some more headers).
My question is, what if somebody send some other key to signature end point and upload file with that key; in a way, he can try overwriting my already placed file.
How can I implement following logic in fine-uploader-
- Fine uploader hit end point for signature
- I generate some randomized key on server (sign that key and other headers) and pass signature, policy and key back to the client
- Now on same key I do upload and bookeeping
please excuse me for typos and my bad english
While your initial question is a bit unclear, in your comments you have expressed a desire to ensure a user does not tamper with the request/policy, perhaps in an attempt to upload a file with a duplicate name. If you'd like to prevent this, simply query your database (or your bucket using the S3 API) server-side as part of handling the signature POST from Fine Uploader. If a file by that name already exists, then return a 500 response with a JSON message body like this:
{"invalid": true}. This signals to Fine Uploader that the policy or request headers are invalid and the upload will be canceled.