• Scott 1

 

Uploading documents DIRECTLY to S3 in a secure fashion is easy: Amazon S3 supports uploading the documents directly to S3 via HTTP POST as described in http://wiki.apexdevnet.com/page/Using_Force_for_Amazon_Web_Services. This also allows for large attachments to be sent directly to S3 without involving Salesforce as an intermediary.

 

However, I am wondering how one would get the documents directly to the browser in a secure fashion. I don't want the document to first be brought to salesforce.com servers - besides the overhead, SFDC supports only 3 MB for a Web Service request size. Amazon S3 supports Query String Request Authentication (adding the Amazon username (key) and signed password (signature) directly as a URL parameter). However, the problem with this approach is that the URL can be copied by anyone and they can then directly access the document. I can add an expiration time as a URL parameter, but even then this is an insecure method, since someone can access the document for a few seconds.

 

Any thoughts?
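
The query-string scheme described in the question, as an added example that is not part of the original post: it models the legacy S3 (Signature Version 2) presigned GET, where the signature covers both `Expires` and the object path. The credentials, bucket and key are constructed, and `service_accepts` is a hypothetical stand-in for the checks S3 performs. A copied URL cannot be extended or pointed at another object, but it is accepted from any holder until the expiry passes.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qs, quote, unquote, urlencode, urlsplit

# Constructed sample credentials for illustration only, not real keys.
ACCESS_KEY = "AKIDEXAMPLE"
SECRET_KEY = b"constructed-secret-for-illustration"

def _signature(method, bucket, key, expires):
    # Legacy string to sign: verb, Content-MD5, Content-Type, Expires, resource.
    string_to_sign = f"{method}\n\n\n{expires}\n/{bucket}/{quote(key)}"
    digest = hmac.new(SECRET_KEY, string_to_sign.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def presign(bucket, key, now, ttl_seconds):
    """Build a GET URL that stops working ttl_seconds after `now` (epoch seconds)."""
    expires = int(now) + ttl_seconds
    query = urlencode({"AWSAccessKeyId": ACCESS_KEY,
                       "Expires": expires,
                       "Signature": _signature("GET", bucket, key, expires)})
    return f"https://{bucket}.s3.amazonaws.com/{quote(key)}?{query}"

def service_accepts(url, now):
    """Hypothetical model of the storage-side checks on a presigned GET."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    try:
        expires = int(params["Expires"][0])
        supplied = params["Signature"][0]
    except (KeyError, ValueError):
        return False
    bucket = parts.hostname.split(".")[0]
    key = unquote(parts.path.lstrip("/"))
    expected = _signature("GET", bucket, key, expires)
    # A changed Expires value or path no longer matches the signed string.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False
    # The signature is valid for any holder, but only inside the window.
    return now <= expires
```
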

 

 

 

 

 
