

Website runs all in S3, no server. - jfno67
http://blog.tomevslin.com/2008/03/amazon-s3-backs.html

======
inklesspen
When I'm reading about how he does this, it looks like it has all the app
logic in client-side JavaScript. That scares me from a security standpoint.

~~~
bprater
If everything is stored somewhere on the client (including keys), what
prevents someone malicious from borrowing the same keys to wreak havoc on your
S3 bucket?

~~~
aschobel
The secret key isn't stored in the client (I looked :P), only the
AWSAccessKeyId, policy, and signature are.

The policy dictates what can be stored in the bucket, and the signature
validates the policy so folks don't tamper with it.
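
The policy-and-signature arrangement described in the comment above, as an added example that is not part of the original thread or the site's code: a server holding the secret key signs a base64 policy with HMAC-SHA1 (the legacy S3 browser-upload scheme), and the service recomputes the HMAC before enforcing the conditions. The key values, bucket name, prefix, and the simplified `upload_allowed` check are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json

# Constructed placeholder; the real secret key stays on the server.
SECRET_KEY = b"constructed-secret-for-illustration"
# Constructed sample policy: one user's prefix, 1 MiB cap, fixed expiry.
POLICY = {
    "expiration": "2008-04-01T00:00:00Z",
    "conditions": [
        {"bucket": "example-bucket"},
        ["starts-with", "$key", "users/alice/"],
        ["content-length-range", 0, 1048576],
    ],
}

def sign_policy(policy, secret=SECRET_KEY):
    """Server side: build the only fields the browser ever sees."""
    policy_b64 = base64.b64encode(json.dumps(policy).encode()).decode()
    sig = hmac.new(secret, policy_b64.encode(), hashlib.sha1).digest()
    return {"AWSAccessKeyId": "AKIDEXAMPLE", "policy": policy_b64,
            "signature": base64.b64encode(sig).decode()}

def verify_form(fields, secret=SECRET_KEY):
    """Service side: recompute the HMAC over the submitted policy."""
    expected = hmac.new(secret, fields["policy"].encode(), hashlib.sha1).digest()
    try:
        given = base64.b64decode(fields["signature"], validate=True)
    except ValueError:
        return False
    return hmac.compare_digest(expected, given)

def upload_allowed(fields, key, size, now):
    """Check the signature first, then enforce the policy conditions."""
    if not verify_form(fields):
        return False
    policy = json.loads(base64.b64decode(fields["policy"]))
    if now >= policy["expiration"]:  # same-format UTC strings sort by time
        return False
    for cond in policy["conditions"]:
        if isinstance(cond, dict):
            continue  # exact-match fields (bucket) are not modelled here
        op, a, b = cond
        if op == "starts-with" and a == "$key" and not key.startswith(b):
            return False
        if op == "content-length-range" and not a <= size <= b:
            return False
    return True
```

A client that edits the policy to widen the key prefix cannot produce a matching signature without the secret key, so the upload is rejected before any condition is evaluated.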

------
lux
It would be interesting to combine this with Google Gears for offline storage
too. Tougher to create something that securely shared data between users, but
for a single user this could still make some powerful apps!

------
tlrobinson
This is a neat trick, but not very flexible or scalable.

Basically each user is given a presigned authorization token that lets them
upload certain files to their bucket. Other users only have read access to the
_index_. The clever trick is that the _key_ is used to store the publicly
available data like the latitude and longitude.

It works out well in his case, but it's not very useful generally.

------
vlad
Static IPs are a game-changing game changer.

