
Another issue is that your S3 credentials are stored on your primary server. An attacker who gains access to that machine will also gain access to off-site backups, and can completely destroy your business.



I was under the impression that using S3's versioned object support, it's possible to set up an account that has the ability to write objects but not to delete previous versions.


http://aws.amazon.com/s3/faqs/#How_does_Versioning_protect_m...

See also the followup question:

Q: How can I ensure maximum protection of my preserved versions?

Versioning’s MFA Delete capability, which uses multi-factor authentication, can be used to provide an additional layer of security. By default, all requests to your Amazon S3 bucket require your AWS account credentials. If you enable Versioning with MFA Delete on your Amazon S3 bucket, two forms of authentication are required to permanently delete a version of an object: your AWS account credentials and a valid six-digit code and serial number from an authentication device in your physical possession
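Added example, not part of the thread or of the AWS FAQ: a small Python audit of the IAM policy attached to the backup credentials kept on the primary server, checking that it can write objects but cannot remove preserved versions or switch versioning off. The bucket name and the three sample policies are constructed, and the evaluation is deliberately simplified (it ignores Resource, Condition and NotAction).

```python
from fnmatch import fnmatchcase

# Actions that can destroy or expire preserved versions, or turn versioning off.
DESTRUCTIVE = (
    "s3:DeleteObjectVersion",
    "s3:PutBucketVersioning",
    "s3:PutLifecycleConfiguration",
    "s3:DeleteBucket",
    "s3:PutBucketPolicy",
)

def _matches(action_field, action):
    # Action may be a string or a list; names are case-insensitive, * and ? are wildcards.
    patterns = [action_field] if isinstance(action_field, str) else list(action_field or [])
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def allowed(policy, action):
    """True if some Allow statement matches and no Deny statement does.
    Simplification: Resource, Condition and NotAction are ignored."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    verdict = False
    for st in statements:
        if _matches(st.get("Action"), action):
            if st.get("Effect") == "Deny":
                return False  # an explicit Deny always wins
            verdict = verdict or st.get("Effect") == "Allow"
    return verdict

def audit_backup_policy(policy):
    """Return the problems found; an empty list means write-only as intended."""
    problems = [a for a in DESTRUCTIVE if allowed(policy, a)]
    if not allowed(policy, "s3:PutObject"):
        problems.append("s3:PutObject not allowed (cannot write backups)")
    return problems

# Constructed sample policies (bucket name is a placeholder).
RES = "arn:aws:s3:::example-backups/*"
WRITE_ONLY = {"Statement": [{"Effect": "Allow", "Action": ["s3:PutObject"], "Resource": RES}]}
TOO_BROAD = {"Statement": {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}}
DENY_DELETES = {"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
                              {"Effect": "Deny", "Action": "s3:Delete*", "Resource": "*"}]}

if __name__ == "__main__":
    for name, pol in [("write-only", WRITE_ONLY), ("too broad", TOO_BROAD),
                      ("deny deletes only", DENY_DELETES)]:
        print(name, "->", audit_backup_policy(pol) or "OK")
```

The third policy shows why denying only the delete actions is not enough: the credentials could still suspend versioning or add a lifecycle rule that expires old versions.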



