Hello everyone, I’m developing a Django/React website with files stored in S3 storage from Selectel, and I’m deploying the entire project to Docker.
I have a question about how to check uploaded files in S3 for security. I see three main ways to implement the mechanism, but I have questions about each of them:
- Send a temporary upload URL to the client with the Content-Type of the uploaded file and a time limit depending on the file size. The file is uploaded to a separate bucket or “folder” of the container, after which it is downloaded by the server or by a separate server for further validation. With this method, my question is: is it worth creating a separate isolated Docker container for such a case, where all the verification will take place, and how would I implement this?
- The next method is to transfer the file via a POST request to the server, write the file to RAM, and then perform the validation and upload to S3. With this method, I am interested in how optimal and resource-intensive the approach is.
- The third approach is somewhat similar to the first: the file is also loaded first into S3, then we send the file to the server in chunks and check it using ClamAV (I read about this method on one of the sites). What stops me from implementing this method is the difficulty of implementing the approach, and I also wonder how well it checks the file.
If there is another better and more widespread method, I will be glad to learn about it; I am relatively new to the topic of web applications. I will be glad to hear your answers, thank you in advance for them! P.S. I apologize in advance for mistakes and inaccuracies, I used a translator.
I personally tried to implement the second of the approaches I described.
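An added example (not code from the original post) for the ClamAV variant in the third approach: the file is streamed to clamd in chunks over its INSTREAM socket protocol, so nothing is written to disk in the app container. It assumes a separate clamd container reachable as `clamav:3310` (a constructed name); the Django view and the S3 copy from the quarantine bucket are left to the caller.

```python
"""Chunked upload scanning via clamd's INSTREAM protocol (added example)."""
import io
import socket
import struct
from typing import BinaryIO, Iterator

CLAMD_ADDR = ("clamav", 3310)  # assumed: clamd container reachable from the app container
CHUNK = 64 * 1024              # send the file in 64 KiB chunks; nothing is spooled to disk


def instream_frames(data: BinaryIO, chunk_size: int = CHUNK) -> Iterator[bytes]:
    """Yield the wire frames of INSTREAM: the command, then each chunk prefixed
    with its 4-byte big-endian length, then a zero-length chunk to end the stream."""
    yield b"zINSTREAM\0"           # 'z' prefix: clamd terminates its reply with NUL
    while True:
        buf = data.read(chunk_size)
        if not buf:
            break
        yield struct.pack(">I", len(buf)) + buf
    yield struct.pack(">I", 0)


def frame_payload(payload: bytes, chunk_size: int = CHUNK) -> bytes:
    """Convenience wrapper for in-memory data (e.g. a Django InMemoryUploadedFile)."""
    return b"".join(instream_frames(io.BytesIO(payload), chunk_size))


def parse_verdict(reply: bytes) -> tuple[bool, str]:
    """Map clamd's reply to (clean, detail). Anything other than OK/FOUND is an
    error, e.g. 'INSTREAM size limit exceeded. ERROR' when StreamMaxLength is hit;
    treat that as a failed scan, never as a clean file."""
    text = reply.rstrip(b"\0\n").decode("utf-8", errors="replace")
    if text.endswith(" FOUND"):
        signature = text[len("stream: "):-len(" FOUND")]
        return False, signature
    if text == "stream: OK":
        return True, "OK"
    raise RuntimeError(f"clamd did not return a verdict: {text!r}")


def scan_stream(data: BinaryIO, addr=CLAMD_ADDR, timeout: float = 60.0) -> tuple[bool, str]:
    """Scan a file-like object (Django's request.FILES[...] works) and return the verdict.
    Call this before the object is copied from the quarantine bucket to the public one."""
    with socket.create_connection(addr, timeout=timeout) as sock:
        for frame in instream_frames(data):
            sock.sendall(frame)
        reply = b""
        while not reply.endswith(b"\0"):   # NUL-terminated because of the 'z' prefix
            part = sock.recv(4096)
            if not part:
                break
            reply += part
    return parse_verdict(reply)
```

Set clamd's StreamMaxLength to at least your largest allowed upload, otherwise large files come back as an ERROR reply rather than a verdict.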