Secure Link Md5 with Primary and Secondary Secret
francis at daoine.org
Tue Jun 12 17:22:26 UTC 2018
On Tue, Jun 12, 2018 at 08:09:18AM -0400, anish10dec wrote:
> There is requirement for token authentication using two secret key i.e
> primary and secondary secret for location block.
If this is the same scenario as in
https://forum.nginx.org/read.php?2,275668 and in
https://forum.nginx.org/read.php?2,278063 then I'm pretty sure that the
answer is the same as those times.
> If token with first secret gives 405, then to generate the token with second
> secret to allow the request.
There is a suggested untested config in an earlier response. Does it
work for you?
> This is required for changing the Secret Key in production on server so that
> partial user will be allowed with old secret and some with new secret for
> meanwhile till secret is updated on all servers and client.
If the client knows it, it's not a secret.
Francis Daly francis at daoine.org
More information about the nginx