NGINX http-secure-link iphone issue !!
Francis Daly
francis at daoine.org
Wed Aug 10 12:32:34 UTC 2016
On Wed, Aug 10, 2016 at 01:01:33PM +0500, shahzaib mushtaq wrote:
Hi there,
> > Why does the client have anything to do with md5 and generating things?
> User clicks on video -> move to watch video page -> a function creates
> md5+expiry on this page -> Secure URL appends into the player -> Video
> starts to play.
I think I'm still a bit unclear on why the "secure" link is used here
at all.
If the link is created by the client, then it doesn't really count as
"secure", does it?
Oh, I guess that if "the client" is your own custom code rather than
(say) a piece of javascript that is offered to any browser, that might
be a good reason for using that design.
> Seems like you're right our approach is wrong for iphone application ,
> we're trying to generate hash in mobile application too which was not
> right. Now we're taking approach where URL will construct on server &
> distribute to all platforms.
>
> Is that how it should be ?
Oh, it *can* be anything that you want. The design depends on what the
requirements are -- do you use the "secure link" just for a time-expiry
(instead of just removing the video from the server); or for some other
control like "must come from a particular IP address" or "must also
include a particular cookie".
It could well be that your current design is correct for your
requirements, and the problem is in whatever the iphone application
is doing.
The only nginx-related piece is to ensure that it correctly
reads-and-interprets the secure part of the url, and for that you need
to make sure that whatever creates the url uses the expected method to
create it.
Cheers,
f
--
Francis Daly francis at daoine.org
More information about the nginx
mailing list