
Image Uploads with AWS S3, Elixir and Phoenix - jackcarlisle
https://medium.com/@jackacarlisle/image-uploads-with-aws-s3-elixir-phoenix-ex-aws-step-1-f6ed1c918f14
======
scandox
I like Elixir...but sheesh you have to read 2 more full medium articles before
you even see any code. I mean the linked article basically explains how to
setup an s3 bucket with appropriate permissions.

------
acconrad
Couldn't you just use arc (with arc_ecto if you're using ecto)? Arc is
basically the Elixir version of Rails' Paperclip, which does all of the heavy
lifting for you.

------
deedubaya
The fastest code is that which is never run.

Don't upload files to a server if you're using S3. Upload directly to S3 with
client-side code instead.

~~~
griffinmb
I'm sure it's possible to do this securely, but in general this seems like a
sure-fire way to expose your secret keys.

~~~
keketi
The secure way to do it is using pre-signed URLs:
[http://docs.aws.amazon.com/AmazonS3/latest/dev/PresignedUrlU...](http://docs.aws.amazon.com/AmazonS3/latest/dev/PresignedUrlUploadObject.html)

------
agrandiere
Thanks for the tutorial. Image upload handling is a tricky task. Beyond
storage, we’ve found that being able to moderate and filter out bad images was
a huge pain point. For anybody experiencing the same challenges, I would
suggest using [https://sightengine.com](https://sightengine.com) — a realtime
image moderation API based on Deep Learning

------
jsmeaton
I don't think I really grok :symbols, which is also the main thing that puts
me off ruby. What's the point? What are they useful for?

~~~
di4na
giving a name to things without going into the full complex structure of a
string.

Think like error code or Enumeration, but with a name that makes sense.

~~~
jetti
Except you have to be careful with symbols in Elixir. They don't get cleaned
up until a crash. That means in things like Phoenix you aren't supposed to use
symbols as parameter maps in your controllers as a user could easily blow up
your memory by making tons o' calls.

EDIT: I would also add that they are the preferred key for Maps when using
internal Map structures (ones that you have complete control over and users
don't)

~~~
napsterbr
That's a "problem" with the erlang vm actually, you have a limit number of
allowed atoms (I think 2 million). When receiving user input, you should not
let users create arbitrary atoms because this would allow a atom exhaustion
attack.

In these cases, what we do is assing a "string" map, something like
:input["arbitrary_key"]

ETA: default is 1 million atoms actually. It can be increased but it's usually
a smell/something to be investigated.

~~~
jetti
Good point that this isn't Elixir specific but any language that runs on the
BEAM.

------
mtw
Why 3 articles?

