Hello!<br><br><div class="gmail_quote">On Wed, Jun 10, 2009 at 11:53 PM, merlin corey <span dir="ltr"><<a href="mailto:merlincorey@dc949.org">merlincorey@dc949.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
That is precisely the kind of control required to take place in an<br>
upstream application, not nginx. Nginx should be thought of as sort<br>
of a signal processor, that is, it sits in a stream and does its<br>
business as quickly and efficiently as possible. Waiting on databases<br>
is neither quick nor efficient.</blockquote><div><br></div><div>First of all thanks for your answer Merlin!</div><div><br></div><div>I think it as an option so user have the choice using it or not. And in this way user decides to put load on server or not. But in short there is no such option.</div>
<div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Also there is nothing secure about cookies, which can be completely<br>
manipulated by the client. Session data, on the other hand, is<br>
internal and therefore much more reliable (and is basically what you<br>
want to use).</blockquote><div><br></div><div>I know it but not as easy as cheating on referrer. I do not look for writing the perfect protection system actually but good enough for basic protection and using as much of different techniques as possible but not more. And I do not want to write any external code (PHP in my case) let's say I am lazy. If I am able to store and retrieve used cookies and their deadline within nginx the system would be pretty useful.</div>
<div><br></div><div>Is nginx have session data or some external processing required?</div><div><br></div><div>Bye,</div><div>Zsolt</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div><div class="h5">On Wed, Jun 10, 2009 at 3:16 AM, Artifex Maximus<<a href="mailto:artifexor@gmail.com">artifexor@gmail.com</a>> wrote:<br>
> Hello!<br>
><br>
> On Tue, Jun 9, 2009 at 2:48 PM, Artifex Maximus<<a href="mailto:artifexor@gmail.com">artifexor@gmail.com</a>> wrote:<br>
>> 2009/6/9 Igor Sysoev <<a href="mailto:is@rambler-co.ru">is@rambler-co.ru</a>>:<br>
>>> On Tue, Jun 09, 2009 at 01:30:50PM +0200, Artifex Maximus wrote:<br>
>>><br>
>>>> I am pretty newbie to nginx and having problem on protecting my links.<br>
>>>> I am using valid_referers but is it possible using cookies for make it<br>
>>>> stronger?<br>
>>>><br>
>>>> For example I set cookie uid with nginx's userid in 'location / {}'<br>
>>>> and check somehow under 'location /download/ {}' for cookie uid. Is it<br>
>>>> possible or just a dream? Userid was just an idea and not necessary.<br>
>>>> And any other ideas are welcome as well because cheating referer is<br>
>>>> easy task.<br>
>>><br>
>>> location /download/ {<br>
>>> if ($cooke_NAME = '') {<br>
>>> return 403;<br>
>>> }<br>
>>> }<br>
>><br>
>> Looks nice. Thank you Igor!<br>
><br>
> And working perfectly though. Is there any simple solution (without<br>
> PHP or any external utility) to tracking this cookies? I mean storing<br>
> cookies in database and checking that cookie have sent is valid or<br>
> not. Or is it too complex and not nginx task?<br>
><br>
> Bye,<br>
> Zsolt</div></div></blockquote></div>