Presigned URLs are technically a security vuln, by @cadey
https://www.tigrisdata.com/blog/presigned-urls-security-vuln/
> Replayable auth tokens are the textbook way to create vulnerable systems, but Tigris ships them as a first-class feature with presigned URLs and so does every other object storage system on the planet. However this isn’t an oversight because presigned URLs turn a weakness into a feature.
> Replay attacks are a real problem and the classic fix is miserable