My initial thoughts here are that you're potentially putting private
information in the public hands.
iirc to use http_secure_link you need some "private" information to
generate the md5sum. This data should not be part of a mobile
application. Personally I'd look at a way to get the full url
md5 shouldn't give different results regardless of implementation - my
guess is that your different platforms are using different character
encodings (iso8859 vs utf8 for instance) and that is the source of your
differences. To verify your md5 implementation there are test vectors here
Seems like you're right our approach is wrong for iphone application ,
we're trying to generate hash in mobile application too which was not
right. Now we're taking approach where URL will construct on server &
distribute to all platforms.
Is that how it should be ?
By generating the hash
On Wed, Aug 10, 2016 at 01:01:33PM +0500, shahzaib mushtaq wrote:
Hi there,
> > Why does the client have anything to do with md5 and generating things?
> User clicks on video -> move to watch video page -> a function creates
> md5+expiry on this page -> Secure URL appends into the player ->
Hi,
> Why does the client have anything to do with md5 and generating things?
The usual model is that something on the server creates the "secure"
url, and gives it to the client. The client then requests that url;
the server checks that it is valid, and the server issues the content.
Does your
On Wed, Aug 10, 2016 at 12:07:58PM +0500, shahzaib mushtaq wrote:
Hi there,
> We've depolyed NGINX ngx_*http*_*secure*_*link*_module in our website based
> on php programming & its working well.
That much makes sense.
> Player is providing correct hash+expiry to serve links.
I'm not sure
Hi,
We've depolyed NGINX ngx_*http*_*secure*_*link*_module in our website based
on php programming & its working well. Player is providing correct
hash+expiry to serve links.
Though we're facing problem authenticating md5 from iphone mobile which is
generating md5 based on C objective language &