My initial thoughts here are that you're potentially putting private information in the public hands.
iirc to use http_secure_link you need some "private" information to generate the md5sum. This data should not be part of a mobile application. Personally I'd look at a way to get the full url from something only you have access to, even if it's the basic of asp/php pages to prevent you putting the secure part of the md5 generation into public hands where anything can happen. What would happen if you decided to change this private date and people/customers didn't want to update their applications or didn't understand the impact of not doing the update right now? On 10/08/2016 08:07, shahzaib mushtaq wrote: > Hi, > > We've depolyed NGINX ngx_*http*_*secure*_*link*_module in our website > based on php programming & its working well. Player is providing correct > hash+expiry to serve links. > > Though we're facing problem authenticating md5 from iphone mobile which > is generating md5 based on C objective language & looks like this hash > is somewhat different & have authenticating issue against NGINX md5. Is > there any way of fixing it ? > > Short conclusion : > > Web APP == good > Mobile APP == bad > > Please if anyone guide us, would be really helpful. > > Regards > Shahzaib > > > > > _______________________________________________ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx