Object storage security / virus / malware
Hi,
I'm looking for a bit of clarity on this one.
We use signed URLs for user uploads of files. It's not anonymous, so we do know who is doing the uploads; however, does the object store do any type of virus or malware scanning after uploading of the files?
Additionally, because we use signed URLs to allow users to upload things like .jpg or .png, there is nothing stopping a user from just changing, say, the file extension. Not saying they will, but I'm trying to cap any entry points, so I'm curious what may be the best way to handle this.
Because we are using signed URLs we don't inspect the file on any server, just generate the signed URL, return that, and initiate the post of the file to the bucket.
2 Replies
Hi @mk - Object Storage Buckets can't look inside the files and no computation or changes to the file's contents can be done in a Bucket. There'd be no way for the Object Storage service to tell the contents of a file to check to see if it was malware.
If you'd like to set up some sort of file scanning or similar, then you'd have to do it on a separate server such as a Linode and move the files into Object Storage afterwards.
> Because we are using signed URLs we don't inspect the file on any server, just generate the signed URL, return that, and initiate the post of the file to the bucket.
I would make this the responsibility of the user requesting the POST to the bucket.
As @mjones suggests, you could do this yourself but, since you will incur cost, I would pass those costs on to the users.
Call it the “upload at your own risk mitigation cost” :-)
— sw
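An added example, not part of the original thread: a content check for the renamed-extension concern in the question, meant to run on the separate server the first reply suggests, before a file is moved into Object Storage. The function names, the allowlist and the sample bytes are assumptions made for illustration.

```python
import os

# Allowed extensions mapped to the content type their bytes must sniff as.
ALLOWED = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png"}

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def sniff_image_type(data: bytes):
    """Return 'png', 'jpeg' or None based on leading bytes only."""
    # PNG: 8-byte signature, then a 13-byte IHDR chunk must come first.
    if data.startswith(PNG_SIGNATURE) and data[8:16] == b"\x00\x00\x00\x0dIHDR":
        return "png"
    # JPEG: SOI marker (FF D8) followed by another marker byte (FF).
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    return None


def check_upload(object_key: str, data: bytes):
    """Decide whether a staged upload may be moved into the bucket.

    Returns (accepted, reason). Only the final suffix counts, so a key
    like 'photo.jpg.exe' is judged as '.exe'.
    """
    ext = os.path.splitext(object_key.lower())[1]
    if ext not in ALLOWED:
        return False, f"extension {ext or '(none)'} not allowed"
    actual = sniff_image_type(data)
    if actual is None:
        return False, "content is not a recognised PNG or JPEG"
    if actual != ALLOWED[ext]:
        return False, f"extension says {ALLOWED[ext]} but content is {actual}"
    return True, "ok"


# Constructed sample inputs (not real uploads).
SAMPLE_PNG = PNG_SIGNATURE + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 17
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16
SAMPLE_EXE = b"MZ" + b"\x00" * 62  # DOS/PE header magic, renamed by the uploader

if __name__ == "__main__":
    for key, body in [("a.png", SAMPLE_PNG), ("b.jpg", SAMPLE_JPEG),
                      ("c.jpg", SAMPLE_EXE), ("d.png", SAMPLE_JPEG),
                      ("e.jpg.exe", SAMPLE_JPEG)]:
        print(key, check_upload(key, body))
```

This only confirms that the bytes match the claimed image type; it is not a malware scan, so a file that passes would still go through whatever scanner runs on that server.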