1

I'm able to upload files from iPhone using ASIHTTPRequest wrapper for an application which allows simple storage to my account. The question i'm concerned about is, could distributing the access keys along with the application be a good idea? what is the best way to deal with it in terms of security? are the keys i use sniffable via monitors over https? any suggestions over it will be appreciated.

Syed Absar
  • 2,274
  • 1
  • 26
  • 45

1 Answers1

0

I upload files to a server (using ASIHTTPRequest) and then from the server to an AWS account for this very reason. I can control the security on the server much easier than I can on devices. Plus, if I need to change the keys I can do it on the server very quickly.

This will add another layer to your application but I think it's well worth it.

You can also check out this post Architectural and design question about uploading photos from iPhone app and S3

Community
  • 1
  • 1
Larry Hipp
  • 6,205
  • 3
  • 26
  • 31
  • Thank you vey much for the response, there might be one more approach to communication the keys with the iphone online every time with some encryption, but again when its going to the client there is no way guarantee of its security. As it is said: "The only secure computer is one that's unplugged, locked in a safe, and buried 20 feet under the ground in a secret location... and I'm not even too sure about that one" – Syed Absar Jan 04 '11 at 06:46