Secure Link Md5 with Primary and Secondary Secret

anish10dec
Secure Link Md5 with Primary and Secondary Secret
June 12, 2018 02:20PM
There is a requirement for token authentication using two secret keys, i.e.
a primary and a secondary secret, for a location block.

If the token with the first secret gives 405, then generate the token with the
second secret to allow the request.

This is required for changing the secret key in production on the server, so that
some users will be allowed with the old secret and some with the new secret in the
meantime, until the secret is updated on all servers and clients.

Something similar to the implementation below:
https://cdnsun.com/knowledgebase/cdn-live/setting-a-token-authentication-protect-your-cdn-content

Regards & Thanks,
Anish

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,280125,280125#msg-280125

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Current Configuration

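# Token and expiry are taken from the query string.
secure_link $arg_token,$arg_expiry;
secure_link_md5 "secret$arg_expiry";
# $secure_link is empty when the hash does not match.
if ($secure_link = "") { return 405; }
# $secure_link is "0" when the link has expired.
if ($secure_link = "0") { return 410; }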

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,280125,280126#msg-280126

Francis Daly
Re: Secure Link Md5 with Primary and Secondary Secret
June 12, 2018 07:30PM
On Tue, Jun 12, 2018 at 08:09:18AM -0400, anish10dec wrote:

Hi there,

> There is a requirement for token authentication using two secret keys, i.e.
> a primary and a secondary secret, for a location block.

If this is the same scenario as in
https://forum.nginx.org/read.php?2,275668 and in
https://forum.nginx.org/read.php?2,278063 then I'm pretty sure that the
answer is the same as those times.

> If the token with the first secret gives 405, then generate the token with the
> second secret to allow the request.

There is a suggested untested config in an earlier response. Does it
work for you?

> This is required for changing the secret key in production on the server, so that
> some users will be allowed with the old secret and some with the new secret in the
> meantime, until the secret is updated on all servers and clients.

If the client knows it, it's not a secret.

f
--
Francis Daly francis@daoine.org
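
Added example, not part of the original thread and not nginx code: a Python reference model of the check in the posted configuration, extended to accept a token made with either a primary or a secondary secret during rotation. The secret values, function names and the choice to reject a missing expiry are assumptions of this sketch.

```python
import base64
import hashlib
import hmac

# Constructed sample secrets; the thread does not show real values.
PRIMARY_SECRET = "new-secret"
SECONDARY_SECRET = "old-secret"


def make_token(secret, expiry):
    """Token for secure_link_md5 "<secret>$arg_expiry": base64url of the
    raw MD5 digest with the '=' padding removed."""
    digest = hashlib.md5(f"{secret}{expiry}".encode()).digest()
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")


def check_link(token, expiry, now, secrets=(PRIMARY_SECRET, SECONDARY_SECRET)):
    """Return 200, 405 (no secret matches) or 410 (expired), mirroring the
    status codes of the posted config. Note that, as in that config, the
    hash covers only the secret and the expiry value, not the URI."""
    # This sketch rejects a missing or non-numeric expiry outright.
    if not token or not (expiry.isascii() and expiry.isdigit()):
        return 405
    if int(expiry) <= 0:
        return 405
    matched = False
    for secret in secrets:
        expected = make_token(secret, expiry)
        # Constant-time compare, and no early exit, so timing does not
        # reveal which secret (if any) produced the match.
        matched |= hmac.compare_digest(expected.encode(), token.encode())
    if not matched:
        return 405
    # The hash is checked first, then the expiry, as the module does.
    if int(expiry) < now:
        return 410
    return 200


if __name__ == "__main__":
    now = 1_528_800_000  # constructed timestamp
    for name, secret in (("primary", PRIMARY_SECRET), ("secondary", SECONDARY_SECRET)):
        tok = make_token(secret, now + 3600)
        print(name, tok, check_link(tok, str(now + 3600), now))
```

Once every client signs with the new secret, dropping the old one from `secrets` ends the rotation window.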