HttpSecureLinkModule Q?
Weibin Yao
nbubingo at gmail.com
Wed Dec 22 05:25:17 MSK 2010
izrodix at 2010-12-21 19:28 wrote:
> Weibin Yao,
> it's working but may be I'm doing something wrong.
> Here is what I do.
>
> $uri_hash = md5('your_secret_word'.'/subdir1/subdir2/movie.flv', true);
> $uri_ehash = base64_encode($uri_hash);
>
> this is result of uri_ehash
> http://127.0.0.1/subdir1/subdir2/movie.flv?md5=F96syvsfhvPq54ME2VEX4A==
>
> this show me err 403
> http://127.0.0.1/subdir1/subdir2/movie.flv
>
> I delete some part of hash
>
> download is complete
> 1. F96syvsfhvPq54ME2VEX4A==
>
> download is complete
> 2. F96syvsfhvPq54ME2VEX4A=
>
> download is complete
> 3. F96syvsfhvPq54ME2VEX4A
>
> this show me err 403
> 4.F96syvsfhvPq54ME2VEX4
>
> Is this right ?
>
Yes, you are right.
The character of '=' in the base64 code is the padding character, it's
meaningless but for pad. So if you delete the '=', it's the same string.
see this url for detail: http://en.wikipedia.org/wiki/Base64#Padding
The base64 encode should be base64 for
url(http://en.wikipedia.org/wiki/Base64#URL_applications). It means no
padding '=' will be used and the characters of '+' and '/' in the base64
string should be respectively replace by '-' and '_'. I don't know if
there is a function like base64_encode_url() for this encode
transformation. You can find it or try it manually.
By the way, the string of 'your_secret_word' should be your own secret
string. It's used to protect anyone can't guess the transformation
procedure of md5 hash.
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,160061,160145#msg-160145
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
>
>
--
Weibin Yao
More information about the nginx
mailing list