Using S3 to host static web pages, or to store objects that other web pages load, only works securely when the S3 bucket is explicitly configured to allow cross-origin requests. Modern browsers enforce the Same-Origin Policy, which stops JavaScript and HTML5 features (XMLHttpRequest, fetch, web-font loading) from reading content served by another site or domain. This limits what a script injected into one site (for example through cross-site scripting) can do with another site's resources.
With a Cross-Origin Resource Sharing (CORS) configuration on the bucket, assets such as web fonts and images stored in S3 can be referenced by external web pages, style sheets and HTML5 applications, because S3 then answers with the Access-Control-Allow-Origin header the browser requires. Keep in mind that CORS only relaxes the browser's rule: it neither grants nor restricts access to the bucket itself, which is still governed by the bucket policy and IAM, so an overly broad allowed-origin list exposes nothing that is not already readable, but it does let any site embed and read those assets.
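The following is an added example (not code from the original page) using the AWS SDK for .NET to apply a CORS rule that admits only one named origin, and then to read the configuration back and flag a wildcard origin. The bucket name and origin passed in are placeholders; the caller is assumed to hold credentials with s3:PutBucketCORS and s3:GetBucketCORS on the bucket.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Amazon;
using Amazon.S3;
using Amazon.S3.Model;

public static class BucketCors
{
    // Allows pages served from exactly one origin to fetch assets (fonts, images)
    // from the bucket with GET/HEAD. Nothing else is permitted cross-origin.
    public static async Task ApplyAsync(IAmazonS3 s3, string bucketName, string allowedOrigin)
    {
        var rule = new CORSRule
        {
            Id = "static-assets",
            // One explicit origin, e.g. "https://www.example.com". "*" would let any
            // site on the web read these assets from a browser.
            AllowedOrigins = new List<string> { allowedOrigin },
            AllowedMethods = new List<string> { "GET", "HEAD" },
            // No request headers are needed for plain asset loads, so none are allowed.
            AllowedHeaders = new List<string>(),
            ExposeHeaders = new List<string> { "ETag" },
            MaxAgeSeconds = 3000
        };

        var request = new PutCORSConfigurationRequest
        {
            BucketName = bucketName,
            Configuration = new CORSConfiguration { Rules = new List<CORSRule> { rule } }
        };

        await s3.PutCORSConfigurationAsync(request);
    }

    // Reads the live configuration back and returns the rules that would let any
    // origin in, so a deployment check can fail on them.
    public static async Task<List<CORSRule>> FindWildcardRulesAsync(IAmazonS3 s3, string bucketName)
    {
        GetCORSConfigurationResponse response = await s3.GetCORSConfigurationAsync(bucketName);
        if (response.Configuration == null || response.Configuration.Rules == null)
            return new List<CORSRule>();

        return response.Configuration.Rules
            .Where(r => r.AllowedOrigins != null && r.AllowedOrigins.Contains("*"))
            .ToList();
    }

    public static async Task Main(string[] args)
    {
        // Placeholder bucket and origin; replace with your own.
        const string bucketName = "example-static-assets";
        const string origin = "https://www.example.com";

        using (IAmazonS3 s3 = new AmazonS3Client(RegionEndpoint.USEast1))
        {
            await ApplyAsync(s3, bucketName, origin);

            var wildcards = await FindWildcardRulesAsync(s3, bucketName);
            Console.WriteLine(wildcards.Count == 0
                ? "CORS OK: no wildcard origins"
                : $"WARNING: {wildcards.Count} rule(s) allow origin '*'");
        }
    }
}
```

Run this after a deployment as a guard: a CORS rule with a wildcard origin is not a data leak by itself (the bucket policy still decides who can read), but it does mean any page on the web can embed and read the assets from a browser, which is rarely what a "private" site wants.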
Our most common tool is Amazon S3, where we keep files that are already encrypted on the client side (for example inside TrueCrypt containers) and additionally enable S3 server-side encryption so that the objects are encrypted at rest as well. Note that TrueCrypt is a client-side tool; AWS does not run it for you, so the second layer comes from S3's own encryption, not from TrueCrypt.
Getting the files to and from the server is actually quite easy. The following uses the synchronous AWS SDK for .NET API and writes one object to the local Desktop folder:

```csharp
using System;
using System.IO;
using Amazon;
using Amazon.S3;
using Amazon.S3.Model;

// Downloads a single object from S3 to the local Desktop.
// Credentials are resolved by the SDK's default credential chain.
static void DownloadToDesktop(string bucketName, string keyName)
{
    using (IAmazonS3 client = new AmazonS3Client(RegionEndpoint.USEast1))
    {
        GetObjectRequest request = new GetObjectRequest
        {
            BucketName = bucketName,
            Key = keyName
        };

        using (GetObjectResponse response = client.GetObject(request))
        {
            string dest = Path.Combine(
                Environment.GetFolderPath(Environment.SpecialFolder.Desktop), keyName);

            // Only write the file if it is not already present locally.
            if (!File.Exists(dest))
            {
                response.WriteResponseStreamToFile(dest);
            }
        }
    }
}
```
That is an example of just getting the file down to the server. What is ideal is to have the server read the object into a stream (a MemoryStream, or better still the SDK's response stream copied straight through) and pass it on to the client, so that no information is ever written to the server itself. Buffering into a MemoryStream holds the whole object in RAM; copying the response stream directly to the client avoids that for large files. By also making the web servers entirely read-only, we reduce what an outsourced IT company with access to the hosted servers could recover from them. Additionally, we completely eliminate the need to synchronize load-balanced servers, since all dynamic information stays in the cloud-hosted store.
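As an added example (not from the original page), here is one way to serve an object straight from S3 to the browser in an ASP.NET Core minimal API, so that nothing touches the server's disk and the server needs only s3:GetObject on the bucket. The bucket name, the route and the key guard are assumptions for illustration; the page itself shows only the download-to-disk call.

```csharp
using System.Net;
using System.Threading;
using Amazon;
using Amazon.S3;
using Amazon.S3.Model;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddSingleton<IAmazonS3>(_ => new AmazonS3Client(RegionEndpoint.USEast1));
var app = builder.Build();

// Placeholder bucket; the server's role only needs read access to it.
const string bucketName = "example-private-files";

// GET /files/<key> streams the object to the client without writing it locally.
app.MapGet("/files/{**key}", async (string key, IAmazonS3 s3, CancellationToken ct) =>
{
    // Cheap sanity check (assumed policy): refuse keys that look like path
    // traversal, so a URL cannot reach outside the intended key space.
    if (string.IsNullOrEmpty(key) || key.Contains("..") || key.StartsWith("/"))
        return Results.BadRequest();

    GetObjectResponse obj;
    try
    {
        obj = await s3.GetObjectAsync(new GetObjectRequest
        {
            BucketName = bucketName,
            Key = key
        }, ct);
    }
    catch (AmazonS3Exception e) when (e.StatusCode == HttpStatusCode.NotFound)
    {
        // Do not echo the key or bucket back; a generic 404 is enough.
        return Results.NotFound();
    }

    // The S3 response body is copied through to the HTTP response as it arrives.
    // No MemoryStream, no temp file: the process never holds the whole object,
    // and a read-only web server has nothing of the file left behind.
    return Results.Stream(obj.ResponseStream, obj.Headers.ContentType, fileDownloadName: key);
});

app.Run();
```

Results.Stream disposes the stream when the response completes, which releases the underlying S3 connection. If you want the web server to stay read-only at the OS level as well, keep the ASP.NET Core temp and log directories on a writable tmpfs-style mount rather than granting write access to the application root.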
More information can be found in the AWS security whitepaper.
For comparison, see the Microsoft Azure Network Security Whitepaper (v2).