Hacker News new | past | comments | ask | show | jobs | submit login

Generate a temporary link that, when clicked sends an event to your system to deprecate the link and redirect the user to a presigned S3 download. In my case the file attachment was the product and it was important the system know when someone had downloaded, but a backend system that keeps temporary urls and requests a temporary download link from the file provider is a useful pattern. Nice thing about signed links is your server doesn't have to handle the file - it's between the client and storage provider.

yeah, I've implemented that temporary link system together with link expiry by date, by access count, and link passwords.

I'm encrypting the file on arrival, and storing it encrypted, so it has to route back through the decryption stream. But I could move that to a separate module and replace it with signed S3 if there was benefit.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact