NGINX http-secure-link iphone issue !!

Steve Wilson lists-nginx at swsystem.co.uk
Thu Aug 11 01:04:13 UTC 2016


My initial thoughts here are that you're potentially putting private
information in the public hands.

iirc to use http_secure_link you need some "private" information to
generate the md5sum. This data should not be part of a mobile
application. Personally I'd look at a way to get the full url from
something only you have access to, even if it's the basic of asp/php
pages to prevent you putting the secure part of the md5 generation into
public hands where anything can happen. What would happen if you decided
to change this private date and people/customers didn't want to update
their applications or didn't understand the impact of not doing the
update right now?

On 10/08/2016 08:07, shahzaib mushtaq wrote:
> Hi,
> 
> We've depolyed NGINX ngx_*http*_*secure*_*link*_module in our website
> based on php programming & its working well. Player is providing correct
> hash+expiry to serve links.
> 
> Though we're facing problem authenticating md5 from iphone mobile which
> is generating md5 based on C objective language & looks like this hash
> is somewhat different & have authenticating issue against NGINX md5. Is
> there any way of fixing it ?
> 
> Short conclusion :
> 
> Web APP == good
> Mobile APP == bad
> 
> Please if anyone guide us, would be really helpful.
> 
> Regards
> Shahzaib
> 
> 
> 
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
> 



More information about the nginx mailing list