How on earth someone would want to expose aws key like that? #307
Comments
Which example are you referring to?

@dtuyenle can't you just use env vars?!

@eahefnawy first of all thank you so much dude for spending your time replying to my whining comment. I am not sure what you mean by env vars? I mean the html itself having that token, and if, say, I use this html and host it somewhere, anyone can see that token using view source, right?

@dtuyenle no worries! The generate form script will not be publicly available on the frontend. If you're referring to the aws access key id in the HTML, then you're right. But generally it's useless without the secret, which is hashed before deployment as you can see in the generate form script. Also, needless to say, your access key id should only have access to what it needs, rather than being root account creds. Hope this helps!
This example is nowhere near practical. In real life no one would have done this. No one would expose a key like that. This should be changed to an implementation on the lambda side.
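To make the exchange above concrete, here is an added example (not the project's generate form script) of what a server-side form generator puts into public HTML. It assumes the form is an S3 browser POST upload signed with AWS Signature Version 4, which the thread does not state; the bucket name, key prefix, size limit and credentials are constructed placeholders.

```python
import base64, hashlib, hmac, json

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def build_form_fields(access_key_id, secret_key, bucket, region, date,
                      expiration, key_prefix, max_bytes):
    """Return the hidden fields that end up in the public upload form.

    Runs at build/deploy time only; secret_key is never returned.
    """
    credential = f"{access_key_id}/{date}/{region}/s3/aws4_request"
    amz_date = f"{date}T000000Z"
    # The policy is the only thing the signature authorizes: one bucket,
    # one key prefix, a size ceiling, and a hard expiry.
    policy = {
        "expiration": expiration,
        "conditions": [
            {"bucket": bucket},
            ["starts-with", "$key", key_prefix],
            ["content-length-range", 0, max_bytes],
            {"x-amz-algorithm": "AWS4-HMAC-SHA256"},
            {"x-amz-credential": credential},
            {"x-amz-date": amz_date},
        ],
    }
    policy_b64 = base64.b64encode(json.dumps(policy).encode()).decode()
    # SigV4 signing key: an HMAC chain seeded with the secret key.
    signing_key = _hmac(("AWS4" + secret_key).encode(), date)
    for part in (region, "s3", "aws4_request"):
        signing_key = _hmac(signing_key, part)
    signature = hmac.new(signing_key, policy_b64.encode(),
                         hashlib.sha256).hexdigest()
    return {
        "policy": policy_b64,
        "x-amz-algorithm": "AWS4-HMAC-SHA256",
        "x-amz-credential": credential,  # contains the access key id
        "x-amz-date": amz_date,
        "x-amz-signature": signature,
    }

def exposes(fields: dict, value: str) -> bool:
    """True if `value` appears verbatim in any field a visitor can read."""
    return any(value in v for v in fields.values())

# Constructed placeholder credentials, not real keys.
ACCESS_KEY_ID = "AKIAEXAMPLEEXAMPLE00"
SECRET_KEY = "constructed-placeholder-secret-not-a-real-key"
FIELDS = build_form_fields(ACCESS_KEY_ID, SECRET_KEY, "example-upload-bucket",
                           "us-east-1", "20240101", "2024-01-01T01:00:00Z",
                           "uploads/", 1_048_576)
```

The access key id is readable in `x-amz-credential`, while the signature is valid only for the exact policy it was computed over, so the policy conditions and the IAM permissions on that key define what anyone holding the form can do.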