
Question: Is s3rver a s3 "private" / "public" or both?

Open parajbs opened this issue 3 years ago • 1 comments

Is s3rver a s3 "private" / "public" or both?

When using the clients, I can only log in with AccessKeyId / SecretAccessKey! It's OK! (safe) But via the browser, all data is publicly accessible without AccessKeyId / SecretAccessKey and can be downloaded (not safe)! Is this normal?

parajbs May 14 '21 03:05

S3rver runs as a public bucket as it's not intended to be used as a production service for secure storage. The scope of enforcing bucket+object ACLs on a useful scale would be a large undertaking.

The existing support for signatures is only intended as a useful data integrity measure in integration testing. It only performs a simplistic authentication step. All objects are essentially stored with wildcard ACLs as there's no authorization performed for data access.

kherock May 15 '21 20:05
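
The distinction drawn in the reply above, between checking a signature and authorizing access to data, as an added example that is not s3rver's code or part of the original thread. It is a simplified model: the HMAC scheme, the users, the keys and the object are constructed, and the signing format is not AWS SigV4.

```javascript
// Added model of the behaviour described in this thread; not s3rver source.
// The HMAC scheme and all names and values are constructed (not AWS SigV4).
const crypto = require('crypto');

const SECRETS = new Map([['alice', 'constructed-key-a'], ['bob', 'constructed-key-b']]);
const OBJECTS = new Map([
  ['reports/q1.csv', { owner: 'alice', acl: 'private', body: 'a,b\n1,2\n' }],
]);

function sign(user, method, key) {
  return crypto.createHmac('sha256', SECRETS.get(user))
    .update(`${user}\n${method}\n${key}`).digest('hex');
}

// Authentication only: null = unsigned request, false = bad signature,
// otherwise the verified identity.
function authenticate(req) {
  if (!req.signature) return null;
  if (!SECRETS.has(req.user)) return false;
  const expected = Buffer.from(sign(req.user, req.method, req.key), 'hex');
  const given = Buffer.from(String(req.signature), 'hex');
  const ok = given.length === expected.length && crypto.timingSafeEqual(given, expected);
  return ok ? { user: req.user } : false;
}

// As described above: a bad signature is refused, but no authorization
// decision follows, so unsigned and foreign requests can read every object.
function emulatorStyleGet(req) {
  if (authenticate(req) === false) return { status: 403 };
  const obj = OBJECTS.get(req.key);
  return obj ? { status: 200, body: obj.body } : { status: 404 };
}

// What ACL enforcement adds: the verified identity is checked against the
// object's ACL before any data is returned.
function aclEnforcedGet(req) {
  const identity = authenticate(req);
  if (identity === false) return { status: 403 };
  const obj = OBJECTS.get(req.key);
  const allowed = obj &&
    (obj.acl === 'public-read' || (identity !== null && identity.user === obj.owner));
  return allowed ? { status: 200, body: obj.body } : { status: 403 };
}
```

In the model, an unsigned GET and a GET validly signed by a different user both return the private object from `emulatorStyleGet`, while `aclEnforcedGet` returns it only to its owner.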