Signing Amazon SDB requests

Bernd Dorn bernddorn at gmail.com
Fri Apr 29 20:09:08 MSD 2011 

take a look at this example, sdb should not be that different

https://github.com/lovelysystems/nginx-examples/tree/master/s3

cheers, bernd

On Apr 28, 2011, at 12:28 AM, AndrewH wrote:

> I am looking for some advice on the recommended way of achieving the
> following.
> 
> I need to sign Amazon Simple Database (SDB) queries with our Amazon Web
> Services credentials before forwarding them to upstream Amazon's SDB
> servers.  
> 
> The proxying behaviour will be taken care of by the proxy module but I'm
> not sure how to implement the actual signing.
> 
> On first glance, it sounds similar to the module that performs this for
> Amazon S3 requests.  Unfortunately this doesn't work for SDB requests as
> the parameters in an SDB request are encoded in the arguments of the URI
> (...site.com/?SDBArg1=val1&SDBArg2=val2)  whereas S3 parameters are
> passed as separate HTTP headers.  
> 
> I have looked at the rewrite module but the URI can only be manipulated
> using regular expressions and the processing I need to do is more
> complex than what the rewrite module can achieve ie.
> 
> 1 Parse and decode the URI args to an SDB args list
> 2 Add several args to the SDB args list
> 3 Sort SDB args list
> 4 Generate a SHA message digest of the SDB args list using a user
> supplied variable as a key - the Base64 encoding of this is the
> signature.
> 5 Append the signature to the SDB args list
> 6 Regenerate the URI args
> 7 Forward it to the upstream
> 
> I believe I might be able to do using imbedded Python and writing the
> logic as script and integrating it via the rewrite module - but I don't
> know Python (I'm a C/C++ dev) and I'm also not in a position to know
> whether this solution would scale satisfactorily - so this is not my
> preferred option.
> 
> What I need to know is what approach I should take to solving this with
> minimal effort ie. is there a way of creating a filter that layers
> before or after the proxy module which does this work.
> 
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,194135,194135#msg-194135
> 
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20110429/ce92a6fa/attachment.html>

More information about the nginx mailing list