Security and privacy shouldn't be based on hiding a plaintext string. What about... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		alecco on March 29, 2010 \| parent \| context \| favorite \| on: Thousands of private fotos leaked, privacy disaste... Security and privacy shouldn't be based on hiding a plaintext string. What about the ISPs, browser history, and other leakage. S3 hosting of private images was a terrible idea. It doesn't provide any kind of protection.

Terretta on March 30, 2010 [–]

> S3 ... doesn't provide any kind of protection.

S3 offers privacy protections with the ability to require an expiring token in the URL. The theory is the web site should authenticate a user, and only generate a valid token for that user (for a fuzzy definition of "that" user) that works only for a limited time.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact