-
AuthorPosts
-
November 16, 2017 at 7:54 pm #1074800
I have a couple of sites with 2.5.9 and Joomla 3.8.2 that never finish when I click "Update S3 File List". I don’t see any errors in the apache log nor any javascript errors. I can’t give backend access, the client won’t allow it. Can you give me some troubleshooting steps to figure out whats going on?
November 16, 2017 at 9:18 pm #1074816I was just looking through my server logs and see 30000 hits to this url over the last 24 hours. I had let the update run since it was taking a while hoping it would complete but it never did.
/administrator/index.php?tmpl=component&option=com_jaamazons3&view=localrepo&task=uploadbar
Mo0nlight ModeratorMo0nlight
- Join date:
- September 2014
- Posts:
- 707
- Downloads:
- 38
- Uploads:
- 107
- Thanked:
- 99 times in 97 posts
November 17, 2017 at 8:48 am #1074937Hi,
Kindly share the URL and admin login info so I can check for you.
November 20, 2017 at 1:15 pm #1075369As stated in OP I cannot do that.
November 21, 2017 at 5:02 pm #1075702bump
Mo0nlight ModeratorMo0nlight
- Join date:
- September 2014
- Posts:
- 707
- Downloads:
- 38
- Uploads:
- 107
- Thanked:
- 99 times in 97 posts
November 22, 2017 at 2:56 am #1075780This reply has been marked as private.January 1, 2018 at 3:47 pm #1084107Please do not ever post your keys in a public forum. I strongly advise that you rotate and delete that key immediately, and since you are the moderator, delete the post with your account ID.
I tried out this extension yesterday. I found some very concerning issues:
1) It appears that it requires S3 admin access to the entire account
2) It uses accesskey and secretkey stored on the web server. Are they encrypted? How are they protected?
3) UI asks for account number. You do not need it. This is also a dangerous practice. (it is not a required field, but this is not clear. Call it something else and let users know not to put their actual account number here)
4) There is no provision for using EC2 roles instead of keys
5) With a modest number of buckets, the sync process kills my (t2.micro) instance EVERY TIME.
What I recommend changing:
- Drop the functionality for creating, deleting buckets. You don’t need it and I’m not comfortable enough with Joomla security to open S3 access to the degree required by the current extension.
- At the very least, make it so that the user can specify an IAM credential with access to a specific bucket/key. You don’t need bucket access. You need access to a key within a bucket. Great ideas, but descope, increase security.
- Enable use of EC2 roles for those of us running on AWS
- Store the access keys encrypted when you have to use them at all.
- Revisit the sync process so it doesn’t kill small servers
- This reply was modified 6 years, 10 months ago by mobri2a.
Saguaros ModeratorSaguaros
- Join date:
- September 2014
- Posts:
- 31405
- Downloads:
- 237
- Uploads:
- 471
- Thanks:
- 845
- Thanked:
- 5346 times in 4964 posts
-
AuthorPosts
This topic contains 7 replies, has 4 voices, and was last updated by Saguaros 6 years, 10 months ago.
We moved to new unified forum. Please post all new support queries in our New Forum