by skillet-thief 7055 days ago
If this is the question you are talking about:

"Leaving the files in S3 with global read perms would open up the possibility of a botnet attack whereby an attacker could simply request all your files continuously and thereby drain your bank account by using up bandwidth as fast as Amazon can deliver it. Is there any way to address this kind of abuse? Otherwise, agreed, serving directly from S3 would be a fine idea." (how do you do blockquotes, btw?)

then it doesn't really apply. If you have an EC2 instance running as your server, you aren't allowing global public access to your S3 data. You control bandwidth usage through your EC2 server the same way you would with any other server.

And I think that even with raw S3, there are ways, such as "use once URLs", that allow you to get around this problem.

2 comments

Exactly. You have control over the read-access permissions on any content on S3. Anything set to 'private' cannot be accessed by the outside world without a URL with an encrypted key salted with your private key and an expiration date. I am already doing this with my startup and it is a wonderful feature, with no fears of 'botnet attacks'.
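The expiring-URL mechanism mentioned in the comments above, as an added example that is not part of the original thread: it follows the layout of S3's legacy query-string authentication (Signature Version 2, an HMAC-SHA1 over the verb, expiry and resource path; current S3 uses Signature Version 4). The credentials, bucket and object names are constructed, and `verify` is a hypothetical local stand-in for the check S3 performs on its side.

```python
import base64, hashlib, hmac, time
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed credentials, for illustration only.
ACCESS_KEY = "AKIDEXAMPLE"
SECRET_KEY = b"constructed-secret-key-not-real"

def _sign(method, bucket, key, expires):
    # SigV2 query-string form: verb, Content-MD5, Content-Type (both empty),
    # expiry timestamp, then the canonical resource path.
    string_to_sign = f"{method}\n\n\n{expires}\n/{bucket}/{key}"
    mac = hmac.new(SECRET_KEY, string_to_sign.encode("utf-8"), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")

def presign(bucket, key, ttl_seconds, now=None):
    """Return a GET URL for a private object that stops working after ttl_seconds."""
    expires = int(now if now is not None else time.time()) + ttl_seconds
    query = urlencode({"AWSAccessKeyId": ACCESS_KEY, "Expires": expires,
                       "Signature": _sign("GET", bucket, key, expires)})
    return f"https://{bucket}.s3.amazonaws.com/{key}?{query}"

def verify(url, now=None):
    """Recompute the signature from the URL, then enforce the expiry."""
    parts = urlparse(url)
    params = parse_qs(parts.query)
    try:
        expires = int(params["Expires"][0])
        presented = params["Signature"][0]
    except (KeyError, ValueError):
        return False  # unsigned or malformed request to a private object
    bucket = parts.hostname.split(".")[0]
    key = parts.path.lstrip("/")
    expected = _sign("GET", bucket, key, expires)
    # Constant-time comparison; a changed path or expiry changes the HMAC.
    if not hmac.compare_digest(expected.encode(), presented.encode()):
        return False
    return (now if now is not None else time.time()) <= expires

if __name__ == "__main__":
    url = presign("example-bucket", "reports/q1.pdf", ttl_seconds=300)
    print(url, verify(url))
```

A short `ttl_seconds` bounds how long a leaked URL can be replayed, which is what limits the bandwidth-drain scenario raised in the quoted question.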