Instead of signing a literal query, describe permitted actions, probably with argument constraints. This will allow the end user to define parameters on their own; for example, we could provide a signed URL from the backend to the frontend where we would permit only generation of thumbnails between 100x100 and 300x300 where dimensions are divisible by 10. This would reduce the attack vector for DoS by allowing only 21 possible sizes to be generated.
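An added example, not part of the original post or of any project's code, of the constrained-policy signing proposed above: the backend signs a policy with HMAC-SHA256 and the server checks the caller-chosen parameters against it. The token layout, the `size` parameter (edge length of a square thumbnail) and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# Hypothetical token layout: base64url(policy JSON) + "." + base64url(HMAC tag)
KEY = b"constructed-demo-key"  # constructed sample key; load a real one from a secret store

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_policy(key: bytes, policy: dict) -> str:
    """Backend side: serialize the policy and append an HMAC-SHA256 tag."""
    body = json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return f"{_b64(body)}.{_b64(tag)}"

def is_permitted(key: bytes, token: str, action: str, params: dict) -> bool:
    """Server side: authenticate the policy, then check the caller's parameters."""
    try:
        body_part, tag_part = token.split(".")
        body, tag = _unb64(body_part), _unb64(tag_part)
    except ValueError:
        return False  # malformed token
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False  # never parse a policy that failed authentication
    policy = json.loads(body)
    rules = policy["params"]
    if action != policy["action"] or set(params) != set(rules):
        return False  # wrong action, or missing/unexpected parameters
    for name, raw in params.items():
        rule = rules[name]
        if not (isinstance(raw, str) and raw.isascii() and raw.isdigit() and len(raw) <= 6):
            return False  # accept only short plain decimal integers
        value = int(raw)
        if not rule["min"] <= value <= rule["max"] or value % rule["step"]:
            return False  # outside the signed range or not on the step grid
    return True

# Constructed policy: square thumbnails from 100 to 300 in steps of 10.
POLICY = {"action": "thumbnail", "params": {"size": {"min": 100, "max": 300, "step": 10}}}
TOKEN = sign_policy(KEY, POLICY)
```

The frontend appends its own `size` to the request alongside `TOKEN`; the server calls `is_permitted` before doing any image work, so out-of-policy requests are rejected cheaply.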