HttpSecureLinkModule Q?

Weibin Yao nbubingo at gmail.com
Wed Dec 22 05:25:17 MSK 2010


izrodix at 2010-12-21 19:28 wrote:
> Weibin Yao, 
> it's working but may be I'm doing something wrong.
> Here is what I do.
>
> $uri_hash = md5('your_secret_word'.'/subdir1/subdir2/movie.flv', true);
> $uri_ehash = base64_encode($uri_hash);
>
> this is result of uri_ehash
> http://127.0.0.1/subdir1/subdir2/movie.flv?md5=F96syvsfhvPq54ME2VEX4A==
>
> this show me err 403
> http://127.0.0.1/subdir1/subdir2/movie.flv
>  
> I delete some part of hash
>
>  download is complete
> 1. F96syvsfhvPq54ME2VEX4A==
>
> download is complete
> 2. F96syvsfhvPq54ME2VEX4A=
>
> download is complete
> 3. F96syvsfhvPq54ME2VEX4A
>
> this show me err 403
> 4.F96syvsfhvPq54ME2VEX4
>
> Is this right ?
>   
Yes, you are right.

The character of '=' in the base64 code is the padding character, it's 
meaningless but for pad. So if you delete the '=', it's the same string. 
see this url for detail: http://en.wikipedia.org/wiki/Base64#Padding

The base64 encode should be base64 for 
url(http://en.wikipedia.org/wiki/Base64#URL_applications). It means no 
padding '=' will be used and the characters of '+' and '/' in the base64 
string should be respectively replace by  '-' and '_'. I don't know if 
there is a function like base64_encode_url() for this encode 
transformation. You can find it or try it manually.

By the way, the string of 'your_secret_word' should be your own secret 
string. It's used to protect anyone can't guess the transformation 
procedure of md5 hash.
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,160061,160145#msg-160145
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
>
>   


-- 
Weibin Yao




More information about the nginx mailing list