S3Browse - Frequently Asked Questions
Index
- What is the Amazon Simple Storage Service (S3)?
- What functionality does S3Browse.com offer?
- What does S3Browse cost?
- What do I need to get started?
- What are S3 Buckets?
- What are S3 Objects?
- How does S3 support directories?
- Is my Amazon Secret Access Key safe on S3Browse.com?
- Why do I need a client application to upload large files?
- Why do I get a Security Warning when I start the Upload Client (S3UC)
What is the Amazon Simple Storage Service (S3)?
Amazon S3 is an internet storage service. The service allows you to store and access and share data. The service is highly scalable and the prices are very competitive. See http://aws.amazon.com/s3 for Amazon's description of the service.
What functionality does S3Browse.com offer?
S3Browse is a general purpose, easy to use web interface to Amazon S3. The current beta version of S3Browse offers most of the functionality that is available through the Amazon S3 API. New versions of S3Browse will offer more functionality that is not directly available through the API. This new functionality will make it easier and more efficient to use the service.
The interface that Amazon provides for its storage service is only appropriate for developers. S3Browse makes S3 usable for every internet user. The S3Browse interface is designed to be general purpose. There are other products that use S3 for a specific purpose, for example, for online backup.
What does S3Browse cost?
S3Browse is a free service. But S3Browse makes calls to Amazon S3 using your account. Amazon will charge you for this using their normal rates. See: http://aws.amazon.com.
What do I need to get started?
You need an Amazon Web Service (AWS) Account. As part of this AWS account you get an access key and a secret access key. You can use these keys to register with S3Browse or to directly start a session.
See http://aws.amazon.com to sign-up for an AWS account or to get more information.
What are S3 Buckets?
Buckets are much like folders on your file system. They have a unique name and can contain any number of files. A bucket name needs to be globally unique.
Using S3Browse you can explore the contents of a bucket using the following URL http://s3browse.com/explore/bucket_name. If the bucket is public accessible you will directly see the contents of the bucket, otherwise you will need to sign in.
By default a bucket is only accessible by the owner of that bucket. The owner can change this by updating the bucket access control policy. For example, it is possible to allow everyone to read the contents of your bucket and to let a college write to your bucket. You can use S3Browse to create buckets and to update the access control policy of your buckets.
What are S3 Objects?
Data is stored in buckets in the form of S3 Objects. An S3 Object is very comparable to a file. An S3 Object is composed of data and metadata and identified by a key. The key gives a unique name to the S3 Object within the scope of a bucket.
How does S3 support directories?
Amazon S3 does not directly support directories. A bucket contains objects and cannot contain other buckets. But because keys can contain directory separator characters it is possible to simulate a directory structure within a bucket.
For example, the key "/reports/january/overview.doc" is similar to a file called "overview.doc" that is stored in the subdirectory "january". S3Browse allows you to explore the contents of a bucket using this directory simulation. The URL http://s3browse.com/explore/bucket_name/reports/january will show all the keys that start with "/reports/january". In other words, all the files in the "january" subdirectory.
Is my Amazon Secret Access Key safe on S3Browse.com?
Yes absolutely! S3Browse needs you Secret Access Key to access your data on Amazon S3. S3Browse is designed and implemented in such a way that your secret access key is never accessible to others. Even people with access to the S3Browse server or database cannot get to your secret access key.
- When you enter your secret access key as part of the registration or login, it is transferred using secure https. On no other occasion does S3Browse transfer or display your secret access key, it is kept safe in your session data on the S3Browse server.
- If you register with S3Browse your secret access key is stored in the S3Browse database in an encrypted form and can only be decrypted using your password.
- Your password is not stored in the S3Browse database. Only a secure one-way-hash of your password is stored in the database. When you login using your email and password a new one-way-hash is made of your password and this hash is compared to the hash stored in the database. If these two match then you entered the correct password and this password is then used to decrypt your secret access key.
Why do I need a client application to upload large files?
When you upload files using the S3Browse web interface the data is first transferred to the S3Browse server and then to the Amazon S3 servers. In this route S3Browse is an unnecessary link that may limit the scalability and upload speed. Using the S3Browse Upload Client (S3UC) the data is transferred directly from your PC to the Amazon S3 servers.
The S3UC application runs on all platforms that support Java. The plugin requires Java version 1.4 or higher.
Why do I get a Security Warning when I start the Upload Client (S3UC)
Java applications that are downloaded from the Internet and run on your local PC run inside a so-called sandbox. This means that these programs cannot access data on your local PC and can only communicate with the server they originated from. The S3Browse Upload Client needs read access to your files and needs to communicate with the Amazon S3 servers. The program asks these permissions from the Java runtime environment. Because of these extra permissions the Java environment will show the following dialog:
If you press "Run" you tell the Java environment that you trust this program. The S3Browse Upload Client will only read those files that you select and will only communicatie with the S3Browse server (s3browse.com) and with Amazon S3 (s3.amazonaws.com). The contents of your files is sent directly to Amazon S3. The communication with S3Browse is only used to calculate the correct signatures and to gather statistics about upload speeds.
We sign our code with a standard SSL web certificate. This will prevent tempering with the code. We could have used a code signing certificate. This would have suppressed the security warning popup. But code signing certificates cost a lot of money and we thought that this FAQ entry was a good alternative.