Geek Answers Handbook

PHP / Amazon S3: query string authentication sometimes fails

I created a simple PHP file browser that links to files via URLs ending in the expiring generation. Therefore, for each access to the directory, a link is created for each file, which is valid for 900 seconds.

I now have a problem that the generated signatures seem to fail sometimes. Which is strange, since I intentionally used S3 external libraries to generate URLs and signatures.

In fact, I tried the following libraries for generating signatures:

Libraries internally use hash_hmac ('sha256', ... or hash_hmac ('sha1', ... - I also don't understand why differnet hashing algorithms are used.

Since the problem is the same with all libraries, it can also be in the code of the URL generation code, which is simple:

$bucket = "myBucket"; $filename = $object->Key; $linksValidForSeconds = 900; $url = $s3->get_object_url($bucket, $filename, $linksValidForSeconds);

Sp $ bucket and $ linksValidForSeconds are constant, $ filename, for example. "Media / Pictures / My Picture.png". But an event for the same variables sometimes works, soemtimes does not.

Any ideas?

Edit: Tipo / Invalid constant variable name fixed (thanks)

+6
php amazon-s3 digital-signature
source share
3 answers

I found a problem, and this had nothing to do with the code I mentioned. The generated URL is urlencode () 'd and is sent to another PHP script. There I use a URL to display an image from S3. I used urldecode () there to discard the changes, but apparently this is not necessary.

Thus, every time a signature contains certain characters, urldecode () will change them and ruin them.

Sorry for the lack of an actual problem code.

+3
source share

The code used by the specified user is presented in the CloudFusion AWS PHP SDK. Here's the documentation for get_object_url () : get_object_url ( $bucket, $filename, [ $preauth = 0 ], [ $opt = null ] )

The problem in your code above is your $linksValidForSeconds variable.

Where: $preauth is an integer | string (Optional) Indicates that the assigned URL for this request should be returned. It can be passed a few seconds after UNIX Epoch or any string compatible with strtotime() .

In other words, you set the expiration time to 900 seconds after the UNIX era. I honestly don't know how any links using this library work with your client code. If you use the CloudFusion SDK , then you must make the current UNIX time and add 900 seconds to this when passing in the parameter.

It seems you are mixing this with the Amazon S3 class of the getAuthenticatedURL class, which takes the integer $lifetime parameter in seconds since you're used in your client code.

Be careful when using multiple libraries and sharing between them freely. Things tend to break in this way.

+1
source share

The current version of CloudFusion is the AWS SDK for PHP, as well as some other things. Amazon forked CloudFusion as the basis for its PHP SDK, and then when the official SDK went live, CloudFusion saved the changes.

This is a kind of KHTML / WebKit thing. http://en.wikipedia.org/wiki/WebKit#History

0
source share

More articles:


All Articles