NGINX http-secure-link iphone issue !!

Reinis Rozitis r at
Wed Aug 10 12:33:55 UTC 2016

> Seems like you're right our approach is wrong for iphone application , 
> we're trying to generate hash in mobile application too which was not 
> right. Now we're taking approach where URL will construct on server & 
> distribute to all platforms.
> Is that how it should be ?

By generating the hash on the client application yout deliver the app with 
the md5 salt which might be discovered by decompiling your app (depending on 
the case it may or may not be a problem).

But for your initial question - without actually showing the hash 
implementation on the iphone app (the Object C code which generates the hash 
(if you use Common Crypto lib or something else)) people on mailing list can 
only guess what is wrong.

Check if you construct the string in right order eg the prehashed url is the 
same as on php side for example.


More information about the nginx mailing list