COS (Cloud Object Storage) generates time-sensitive access links for private read-write files through a process called "pre-signed URLs." Pre-signed URLs allow users to grant temporary access to their private objects in the cloud without exposing their credentials.
Here's how it works:
- User Initiates Request: The user requests a pre-signed URL for a specific object in their COS bucket.
- Server Generates URL: The COS server generates a unique URL that includes an expiration time. This URL is signed with the user's credentials, ensuring that only the intended user can generate it.
- Temporary Access: The pre-signed URL is valid for a specified period, after which it expires and access is revoked.
- Access to Object: The recipient of the pre-signed URL can use it to access the private object in the COS bucket until the expiration time.
Example:
- A user wants to share a private file with a collaborator for a limited time.
- The user generates a pre-signed URL with an expiration time of 1 hour.
- The collaborator receives the URL and can download or upload to the file within that hour.
- After 1 hour, the URL expires, and the collaborator can no longer access the file.
Tencent Cloud Service:
For generating pre-signed URLs in Tencent Cloud COS, you can use the COS SDKs or the COS API. The SDKs provide methods to easily create pre-signed URLs with specified expiration times. For example, in the Python SDK, you can use the get_presigned_url method to generate a pre-signed URL for a private object.
This mechanism ensures secure and controlled access to private files in the cloud, making it ideal for scenarios where temporary access is required.