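How do I use AWS S3 credentials without a security vulnerability?

Problem description

My Android application uses AWS S3 to store images. Below are the version details I am using.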

Currently, I access the secret key and the access key through BuildConfig variables. I found this approach here

def aws_version = "2.16.+"
implementation "com.amazonaws:aws-android-sdk-s3:$aws_version"
implementation ("com.amazonaws:aws-android-sdk-mobile-client:$aws_version") { transitive = true }

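Now I have received an email that says

Your app exposes Amazon Web Services credentials.

Now I would like to know what I did wrong. What is the correct way to store the AWS S3 secret key and access key?

An important point that may help you answer this question:

  • At one point I used the secret key and access key as hard-coded strings and pushed those changes to our private git project. After realizing my mistake, I changed the implementation and now use the BuildConfig approach described above. I don't know whether this could be what exposed the credentials.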

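Solution

There are two ways:

  1. AWS Security Token Service (AWS STS)
  2. AWS Cognito
  3. AWS Amplify
  4. Android Keystore

Here is the official documentation on authenticating with AWS credentials in mobile applications: Authenticating Users of AWS Mobile Applications with a Token Vending Machine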
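The server side of the STS / token vending machine approach named in the answer, as an added example that is not part of the original answer or of any AWS sample: the backend keeps the long-term key and hands the app short-lived credentials limited to one user's S3 prefix. The bucket name, role ARN, `users/<id>/` key layout and function names are assumptions made for illustration.

```python
import json
import re

# Constructed placeholder values (assumptions); replace with your own bucket and role.
BUCKET = "example-app-images"
ROLE_ARN = "arn:aws:iam::123456789012:role/ExampleMobileUploadRole"
USER_ID_RE = re.compile(r"^[A-Za-z0-9_-]{2,48}$")


def build_session_policy(bucket, user_id):
    """Session policy limiting the vended credentials to one user's prefix."""
    if not USER_ID_RE.fullmatch(user_id):
        # Reject "*", "/", ".." and similar so an id cannot widen the resource ARN.
        raise ValueError("invalid user id")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": f"arn:aws:s3:::{bucket}/users/{user_id}/*",
        }],
    }


def vend_credentials(sts_client, user_id, bucket=BUCKET, role_arn=ROLE_ARN):
    """Called by the backend after it has authenticated the app user.

    sts_client is a boto3 STS client, e.g. boto3.client("sts"); it is passed in
    so the long-term key stays on the server and never ships in the APK.
    """
    policy = build_session_policy(bucket, user_id)
    resp = sts_client.assume_role(
        RoleArn=role_arn,
        RoleSessionName=f"app-{user_id}",
        Policy=json.dumps(policy),  # effective rights = role policy AND this policy
        DurationSeconds=900,  # shortest lifetime STS allows
    )
    creds = resp["Credentials"]
    # Return only what the mobile client needs to sign S3 requests.
    return {
        "accessKeyId": creds["AccessKeyId"],
        "secretAccessKey": creds["SecretAccessKey"],
        "sessionToken": creds["SessionToken"],
        "expiration": str(creds["Expiration"]),
    }
```

The app requests these values over its own authenticated API and refreshes them before `expiration`, so nothing long-lived is present in BuildConfig, resources or the git history.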
