
A lot of people put their backups on S3, with a script running on the server. Even if you limit the rights with IAM to only put files, the attacker can overwrite existing files on S3. The only way I thought to prevent that is to give only write access with no listing access, and append a random number to the file name. But, who does that? I'm sure 90%+ of the servers backing up on S3 are not safe for this scenario.

The reason I thought of DVDs is that they're not sensitive to electromagnetic fields as disks and tapes are. (You never know: http://www.telegraph.co.uk/science/space/9097587/Solar-flare... )



If you turn on file versioning in S3, then you'll be able to get to the data that was "overwritten". I don't think there's a way for someone with only PUT access to work around this.
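An added example, not part of either comment above: a small audit of the backup credential's IAM policy, checking that it grants nothing that could remove old versions or switch versioning off. The bucket name, the sample policies and the choice of which actions to flag are assumptions made for this example.

```python
import fnmatch

# Actions that let a principal destroy or stop keeping old object versions.
# Chosen for this example; not an exhaustive list.
RISKY_ACTIONS = (
    "s3:DeleteObjectVersion",        # permanently removes a stored version
    "s3:PutBucketVersioning",        # can suspend versioning
    "s3:PutLifecycleConfiguration",  # can expire noncurrent versions
    "s3:PutBucketPolicy",            # can rewrite who may do what
)

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM action names are case-insensitive and accept * and ? wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def risky_grants(policy):
    """Return the RISKY_ACTIONS that any Allow statement matches.

    Conservative: ignores Deny, Resource and Condition, so it can over-report.
    """
    found = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed patterns.
            excluded = _as_list(stmt["NotAction"])
            found.update(a for a in RISKY_ACTIONS
                         if not any(_matches(p, a) for p in excluded))
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            found.update(a for a in RISKY_ACTIONS if _matches(pattern, a))
    return sorted(found)

def _policy(action):
    # Constructed sample policy; the bucket name is a placeholder.
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": action,
        "Resource": "arn:aws:s3:::example-backups/*"}]}

PUT_ONLY = _policy("s3:PutObject")
PUT_WILDCARD = _policy("s3:Put*")

if __name__ == "__main__":
    for name, pol in (("PutObject only", PUT_ONLY), ("s3:Put*", PUT_WILDCARD)):
        print(name, "->", risky_grants(pol) or "no risky actions granted")
```

The `s3:Put*` case is the one worth checking for: it reads like write-only access but also matches the versioning, lifecycle and bucket-policy actions.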



