Amazon access key showing in URL for Carrierwave and Fog
Posted
by
kcurtin
on Stack Overflow
See other posts from Stack Overflow
or by kcurtin
Published on 2012-03-18T17:59:45Z
Indexed on
2012/03/18
18:02 UTC
Read the original article
Hit count: 307
I just switched from storing my images uploaded via Carrierwave locally to using Amazon s3 via the fog gem in my Rails 3.1 app. While images are being added, when I click on an image in my application, the URL is providing my access key and a signature. Here is a sample URL (XXX replaced the string with the info):
https://s3.amazonaws.com/bucketname/uploads/photo/image/2/IMG_4842.jpg?AWSAccessKeyId=XXX&Signature=XXX%3D&Expires=1332093418
This is happening in development (localhost:3000) and when I am using heroku for production. Here is my uploader:
class ImageUploader < CarrierWave::Uploader::Base
include CarrierWave::RMagick
storage :fog
def store_dir
"uploads/#{model.class.to_s.underscore}/#{mounted_as}/#{model.id}"
end
process :convert => :jpg
process :resize_to_limit => [640, 640]
version :thumb do
process :convert => :jpg
process :resize_to_fill => [280, 205]
end
version :avatar do
process :convert => :jpg
process :resize_to_fill => [120, 120]
end
end
And my config/initializers/fog.rb :
CarrierWave.configure do |config|
config.fog_credentials = {
:provider => 'AWS',
:aws_access_key_id => 'XXX',
:aws_secret_access_key => 'XXX',
}
config.fog_directory = 'bucketname'
config.fog_public = false
end
Anyone know how to make sure this information isn't available?
© Stack Overflow or respective owner