You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Apr 3, 2020. It is now read-only.
To simplify the upload of mayday assets we should implement the ability to automatically upload/post the asset to some object storage. In the case of Amazon Simple Storage Service (S3) access controls can be implemented to allow for the equivalent of anonymous FTP.
Ideally this endpoint would be configured through whatever strategy is defined in #21. This would allow for mayday to be distributed with some configuration to handle upload to the desired endpoint for where the project is being used.
Potential Problems
As the upload URL would need to be configured in some publicly accessible form (configuration file, source code, etc) there is the potential for abuse by individuals pushing arbitrary data in. One solution would be to have a mark and sweep system for garbage collection which can help handle this.
A second potential vector of abuse is spamming of PUT, LIST, GET, etc calls. As these are billable resources there is the possibility of a malicious user accruing fraudulent charges.
Outline
To simplify the upload of mayday assets we should implement the ability to automatically upload/post the asset to some object storage. In the case of Amazon Simple Storage Service (S3) access controls can be implemented to allow for the equivalent of anonymous FTP.
Ideally this endpoint would be configured through whatever strategy is defined in #21. This would allow for mayday to be distributed with some configuration to handle upload to the desired endpoint for where the project is being used.
Potential Problems
As the upload URL would need to be configured in some publicly accessible form (configuration file, source code, etc) there is the potential for abuse by individuals pushing arbitrary data in. One solution would be to have a mark and sweep system for garbage collection which can help handle this.
A second potential vector of abuse is spamming of
PUT,LIST,GET, etc calls. As these are billable resources there is the possibility of a malicious user accruing fraudulent charges.