<div dir="ltr"><span style="font-size:12.8px">Hi,</span><div><span style="font-size:12.8px"><br>> Why does the client have anything to do with md5 and generating things?</span><br style="font-size:12.8px"><br style="font-size:12.8px"><span style="font-size:12.8px">The usual model is that something on the server creates the "secure"</span><br style="font-size:12.8px"><span style="font-size:12.8px">url, and gives it to the client. The client then requests that url;</span><br style="font-size:12.8px"><span style="font-size:12.8px">the server checks that it is valid, and the server issues the content.</span><br style="font-size:12.8px"><br style="font-size:12.8px"><span style="font-size:12.8px">Does your system use a different model?</span><br><input name="virtru-metadata" type="hidden" value="{"email-policy":{"state":"closed","expirationUnit":"days","disableCopyPaste":false,"disablePrint":false,"disableForwarding":false,"expires":false,"isManaged":false},"attachments":{}}"></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Well, sorry i couldn't explain it in best manners. Well our website has three platforms (Iphone application, Android Application, Web application) . For website what we're doing is that :</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">User clicks on video -> move to watch video page -> a function creates md5+expiry on this page -> Secure URL appends into the player -> Video starts to play.</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"> Seems like you're right our approach is wrong for iphone application , we're trying to generate hash in mobile application too which was not right. Now we're taking approach where URL will construct on server & distribute to all platforms.</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Is that how it should be ?</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Thanks.<br>Shahzaib </span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 10, 2016 at 12:24 PM, Francis Daly <span dir="ltr"><<a href="mailto:francis@daoine.org" target="_blank">francis@daoine.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Wed, Aug 10, 2016 at 12:07:58PM +0500, shahzaib mushtaq wrote:<br>
<br>
Hi there,<br>
<br>
> We've depolyed NGINX ngx_*http*_*secure*_*link*_<wbr>module in our website based<br>
<span class="">> on php programming & its working well.<br>
<br>
</span>That much makes sense.<br>
<span class=""><br>
> Player is providing correct hash+expiry to serve links.<br>
<br>
</span>I'm not sure about that bit -- what is the player? (It may not matter;<br>
I presume it is "something on your back-end that is doing things right".)<br>
<span class=""><br>
> Though we're facing problem authenticating md5 from iphone mobile which is<br>
> generating md5 based on C objective language & looks like this hash is<br>
> somewhat different & have authenticating issue against NGINX md5.<br>
<br>
</span>But that part confuses me.<br>
<br>
Why does the client have anything to do with md5 and generating things?<br>
<br>
The usual model is that something on the server creates the "secure"<br>
url, and gives it to the client. The client then requests that url;<br>
the server checks that it is valid, and the server issues the content.<br>
<br>
Does your system use a different model?<br>
<span class=""><br>
> Is there any way of fixing it ?<br>
<br>
</span>Examine your design. Examine your implementation. See where it does not<br>
do what you expect. Change that piece.<br>
<br>
I don't think that there are enough details provided yet to give a more<br>
specific answer.<br>
<span class=""><br>
> Short conclusion :<br>
><br>
> Web APP == good<br>
> Mobile APP == bad<br>
<br>
</span>What do the APPs do, other than request urls that they have been given?<br>
<br>
Good luck with it,<br>
<br>
f<br>
<span class="HOEnZb"><font color="#888888">--<br>
Francis Daly <a href="mailto:francis@daoine.org">francis@daoine.org</a><br>
<br>
______________________________<wbr>_________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/<wbr>mailman/listinfo/nginx</a><br>
</font></span></blockquote></div><br></div>