I've been doing some research and found some mixed opinions about using presigned URLs for file uploads, especially concerning security against malware and ensuring only image files are uploaded. Three years ago, the consensus was that AWS S3 only enforced content type headers, which didn't offer much protection against malicious uploads. Now, I'm wondering if the situation has improved in 2025. I'm developing an app where users can upload files, and I need a reliable way to verify the legitimacy of these files without adding excessive overhead. Would using presigned URLs be a good enough solution for this, or should I handle file validation on my server?
5 Answers
Using event notifications combined with AWS Lambda is the way to go. You can verify the contents of the files after they're uploaded. This approach allows you to tag the uploads as clean and apply a Deny policy on the S3 bucket for any files lacking this tag. It’s a straightforward and effective method!
Honestly, not much has changed since last time. AWS still doesn't validate the content during the upload. You can't completely trust the client to upload safe files. It's best to validate the files after they've been uploaded to prevent any malicious content from being accessed. Consider using AWS GuardDuty for scanning.
Presigned URLs alone won’t solve your security problems. You’ve got to analyze the files post-upload. Setting up an SQS queue to trigger a Lambda function can streamline the process and help you validate uploads effectively.
AWS GuardDuty has your back! It can scan uploaded files for malware, and you can set up your bucket with a policy that denies access to any files that don’t have a clean tag from GuardDuty. It gives you an extra layer of security while using presigned URLs.
You definitely need to validate the content after the upload. Presigned URLs are secure, but the real work of ensuring the uploaded content is safe falls on you. Make sure to implement your own checks.
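The post-upload check several answers describe, as an added example that is not code from any of the answerers: a Lambda handler for S3 `ObjectCreated` notifications that reads the first bytes of each object, confirms they are a real image signature matching the declared Content-Type, and writes the result as an object tag. The tag key `scan-status`, its values, and the accepted image types are assumptions made for this sketch.

```python
import urllib.parse

# Leading-byte signatures for the image types this sketch accepts (assumed allow-list).
SIGNATURES = {
    "image/png": [b"\x89PNG\r\n\x1a\n"],
    "image/jpeg": [b"\xff\xd8\xff"],
    "image/gif": [b"GIF87a", b"GIF89a"],
}

def sniff_image_type(head: bytes):
    """Return the MIME type implied by the leading bytes, or None."""
    for mime, sigs in SIGNATURES.items():
        if any(head.startswith(s) for s in sigs):
            return mime
    # WebP is a RIFF container: "RIFF" <4-byte size> "WEBP"
    if head[:4] == b"RIFF" and head[8:12] == b"WEBP":
        return "image/webp"
    return None

def verdict(head: bytes, declared_type: str) -> str:
    """'clean' only if the bytes are an allowed image AND match the declared Content-Type."""
    actual = sniff_image_type(head)
    if actual is None:
        return "rejected-not-image"
    if actual != declared_type.split(";")[0].strip().lower():
        return "rejected-type-mismatch"
    return "clean"

def handler(event, context):
    """Lambda entry point for s3:ObjectCreated:* notifications delivered directly by S3."""
    import boto3  # present in the Lambda runtime; imported here so the helpers run offline
    s3 = boto3.client("s3")
    results = []
    for rec in event["Records"]:
        bucket = rec["s3"]["bucket"]["name"]
        key = urllib.parse.unquote_plus(rec["s3"]["object"]["key"])  # keys arrive URL-encoded
        if rec["s3"]["object"].get("size", 0) == 0:  # a ranged GET on an empty object fails
            status = "rejected-not-image"
        else:
            obj = s3.get_object(Bucket=bucket, Key=key, Range="bytes=0-15")
            status = verdict(obj["Body"].read(), obj.get("ContentType", ""))
        s3.put_object_tagging(Bucket=bucket, Key=key,  # "scan-status" is a hypothetical tag key
            Tagging={"TagSet": [{"Key": "scan-status", "Value": status}]})
        results.append((key, status))
    return results

if __name__ == "__main__":  # constructed sample bytes, not real uploads
    print(verdict(b"\x89PNG\r\n\x1a\n" + bytes(8), "image/png"))
    print(verdict(b"MZ\x90\x00" + bytes(12), "image/png"))
```

A bucket policy that denies `s3:GetObject` unless `s3:ExistingObjectTag/scan-status` equals `clean` completes the pattern. This check verifies file type only and does not replace a malware scan.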
