8 messages in ru.sysoev.nginx: Re: Protect link with cookies?
Subject: Re: Protect link with cookies?
From: merlin corey (merl@dc949.org)
Date: Jun 10, 2009 2:53:20 pm
List: ru.sysoev.nginx

That is precisely the kind of control required to take place in an upstream application, not nginx. Nginx should be thought of as sort of a signal processor, that is, it sits in a stream and does its business as quickly and efficiently as possible. Waiting on databases is neither quick nor efficient.

Also there is nothing secure about cookies, which can be completely manipulated by the client. Session data, on the other hand, is internal and therefore much more reliable (and is basically what you want to use).

-- Merlin

On Wed, Jun 10, 2009 at 3:16 AM, Artifex Maximus<arti@gmail.com> wrote:

Hello!

On Tue, Jun 9, 2009 at 2:48 PM, Artifex Maximus<arti@gmail.com> wrote:

2009/6/9 Igor Sysoev <is@rambler-co.ru>:

On Tue, Jun 09, 2009 at 01:30:50PM +0200, Artifex Maximus wrote:

I am pretty new to nginx and am having a problem protecting my links. I am using valid_referers, but is it possible to use cookies to make it stronger?

For example, I set a cookie uid with nginx's userid in 'location / {}' and somehow check for the cookie uid under 'location /download/ {}'. Is it possible or just a dream? Userid was just an idea and is not necessary. Any other ideas are welcome as well, because cheating the referer is an easy task.

    location /download/ {
        # NAME stands for the cookie's name; reject requests that send no such cookie
        if ($cookie_NAME = '') {
            return 403;
        }
    }

Looks nice. Thank you Igor!

And it is working perfectly, though. Is there any simple solution (without PHP or any external utility) for tracking these cookies? I mean storing cookies in a database and checking whether the cookie that was sent is valid or not. Or is it too complex and not an nginx task?

Bye, Zsolt
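
The gap between testing that a cookie is present and validating it against server-side session data, as raised in this message, shown in an added example that is not code from the thread or from nginx. It assumes the cookie is named uid as in the question, an in-memory dict standing in for the database, and a hypothetical `internal` nginx location /protected/ to which the upstream application hands the file transfer back through the X-Accel-Redirect response header.

```python
import posixpath
import secrets
import time

SESSION_TTL = 900   # seconds; assumed lifetime for this example
_sessions = {}      # session id -> expiry time; stands in for a database


def presence_check(cookies):
    """What `if ($cookie_NAME = '')` tests: only that some value was sent."""
    return 200 if cookies.get("uid", "") != "" else 403


def issue_session(now=None):
    """Called when the site hands out the cookie, e.g. on the landing page."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)   # unguessable, generated server-side
    _sessions[sid] = now + SESSION_TTL
    return sid


def authorize_download(cookies, path, now=None):
    """Upstream check: the cookie is only a key into server-side state."""
    now = time.time() if now is None else now
    sid = cookies.get("uid", "")
    expiry = _sessions.get(sid)
    if expiry is None:
        return 403, {}                # value was never issued by this server
    if expiry < now:
        _sessions.pop(sid, None)
        return 403, {}                # issued, but expired
    name = posixpath.basename(path)   # keep the request inside one directory
    if name in ("", ".", ".."):
        return 404, {}
    # Hand the transfer back to nginx; /protected/ is an assumed
    # `internal` location that maps to the real files.
    return 200, {"X-Accel-Redirect": "/protected/" + name}


if __name__ == "__main__":
    forged = {"uid": "anything-the-client-likes"}   # constructed input
    real = {"uid": issue_session(now=1000.0)}
    for label, jar in (("forged", forged), ("issued", real)):
        print(label, presence_check(jar),
              authorize_download(jar, "/download/a.zip", now=1000.0))
    print("expired", authorize_download(real, "/download/a.zip", now=2000.0))
```
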