'Could any attacker download all files in a folder from cloudfront without knowing the file names?
I am considering using Cloudfront for caching some files but those files are kind of assets and I don't want anyone to access them without logging in.
I wonder if I could use long file name (like hash) for the files and only provide the names when user logged in.
A concern is that whether an attacker (or outsider) has the ability to download the folder containing the files without knowing the names.
Edited: The files are JSON files that the data would be display in a website.
amazon-web-servicesSolution 1:[1]
Have a look at using Signed URLs in CloudFront. Each time a user logs in, you generate short-lived URLs for each of the assets the user needs to access on the page. Or if you want it to be dynamic, you can do the same server-side by redirecting logged in users from normal URLs to a dynamically generated signed URLs; users that are not logged in will receive a 403). This ensures they are only accessible to each individual user, and even if the URL is shared they will expire quickly and be inaccessible to others.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Cristian |