by jomendoz 2515 days ago
Please, do NOT sign up in this site until author fixes this noobish vulnerability:

When the sign-up request is sent, it shows an S3 error about not finding the corresponding key. The true misdeed is requesting the resource with GET and passing the email and password as query parameters in the URL. Such a shame >-(

2 comments

Isn't this pretty similar to basic auth? Passing credentials in plaintext but over TLS.
Yes. But URLs tend to be logged more than HTTP headers or payloads. Any L7 proxy can spit out requested paths, and the password will be preserved in different places for long periods of time.
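To make the point about logging concrete, here is an added example (not code from the thread or from the site being discussed) that simulates what a Common Log Format access log, the kind an L7 proxy or web server writes, records for a sign-up request. The request line including the query string is logged verbatim; headers and the POST body never reach the log. The second half is the defensive side: a scanner that flags credential-like query parameters in existing log lines, and a redaction helper for the logging path. The parameter names treated as sensitive, the sample URLs, the IP addresses and the log lines are all constructed for this example.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Query parameter names treated as credentials (assumption for this example).
SENSITIVE_KEYS = {"password", "passwd", "pwd", "pass", "secret", "token", "api_key", "apikey"}

# Request line inside a Common Log Format entry: "METHOD target PROTOCOL"
REQUEST_LINE = re.compile(r'"([A-Z]+) (\S+) (HTTP/[\d.]+)"')


def access_log_line(method, url, status=200, remote="203.0.113.7", body="", headers=None):
    """Simulate what a Common Log Format access log records for one request.

    The request line (method, path+query, protocol) is written verbatim; request
    headers and the body are not part of the format at all. So a password in a
    POST body or an Authorization header never reaches this line, while a
    password in the query string is stored as-is."""
    parts = urlsplit(url)
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    # body and headers are accepted only to make the point: the log discards them.
    return f'{remote} - - [10/Oct/2000:13:55:36 -0700] "{method} {target} HTTP/1.1" {status} 0'


def leaked_params(log_line):
    """Return the names of credential-like query parameters visible in a log line."""
    m = REQUEST_LINE.search(log_line)
    if not m:
        return set()
    query = urlsplit(m.group(2)).query
    names = {k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)}
    return names & SENSITIVE_KEYS


def scan_log(lines):
    """Return (1-based line number, sorted leaked names) for every offending line."""
    hits = []
    for i, line in enumerate(lines, 1):
        found = leaked_params(line)
        if found:
            hits.append((i, sorted(found)))
    return hits


def redact_url(url):
    """Logging-side mitigation: blank credential values before a URL is written anywhere."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE_KEYS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


# Constructed sample log: one GET sign-up with credentials in the query string,
# one POST sign-up, one unrelated static asset request.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2000:13:55:36 -0700] "GET /signup?email=a%40b.test&password=hunter2 HTTP/1.1" 403 0',
    '203.0.113.8 - - [10/Oct/2000:13:55:37 -0700] "POST /signup HTTP/1.1" 200 0',
    '203.0.113.9 - - [10/Oct/2000:13:55:38 -0700] "GET /static/app.js?v=3 HTTP/1.1" 200 0',
]


if __name__ == "__main__":
    creds = "email=a%40b.test&password=hunter2"
    print("GET : ", access_log_line("GET", "https://example.test/signup?" + creds, 403))
    print("POST: ", access_log_line("POST", "https://example.test/signup", body=creds))
    print("scan: ", scan_log(SAMPLE_LOG))
    print("redacted:", redact_url("https://example.test/signup?" + creds))
```

Running the script prints two log lines for the same credentials: the GET line carries `password=hunter2`, the POST line carries only `/signup`. The scanner is the check a defender can run over proxy or web server logs already on disk to find out how long such secrets have been sitting there; the redaction helper is a stopgap for the logging path, not a substitute for moving the credentials out of the URL.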
Ah, that makes sense. Thanks!
Fixed.