Solved

How to Manage security in Microsoft Azure Blob/PHP ? (URL Expiry)

Posted on 2015-01-19
2
320 Views
Last Modified: 2015-01-21
Hi Experts,

How do we manage URL expiry in Azure blob storage solution ? Or is there any other solution to secure Azure blob content ?  Please provide some guide lines, HOWTOs etc,

Thanks for your time !
0
Comment
Question by:Shakthi777
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 40559375
Default TTL of 7 days and if you explicitly set the x-ms-blob-cache-control property as stated in link below (with code sample), you can have control on the cache period (in sec) e.g. value of the Cache-Control header for the blob.

http://msdn.microsoft.com/en-us/library/azure/gg680306.aspx

however, caching typically applies to static content (image, css, http pages, and not dynamic content (interactive html content, live streaming etc). assuming if the cache content is being poisoned or tamper, a copy will be served to the client and hence it is best not to have a very long caching periods if they are not easily abused. It also cannot be too short such that it negate the caching effect. It has to align to your business context and need. Maybe a optimal context can be 1hr as a start and test out on performance effects

Regardless, strict access control to those blob should be looked into first to reduce the window of exposure. There is shared access signature (SAS) for tconsideration. Do also check out also the "Best Practices for Using Shared Access Signatures"
Validate data written using SAS. When a client application writes data to your storage account, keep in mind that there can be problems with that data. If your application requires that that data be validated or authorized before it is ready to use, you should perform this validation after the data is written and before it is used by your application. This practice also protects against corrupt or malicious data being written to your account, either by a user who properly acquired the SAS, or by a user exploiting a leaked SAS.

Don't always use SAS. Sometimes the risks associated with a particular operation against your storage account outweigh the benefits of SAS. For such operations, create a middle-tier service that writes to your storage account after performing business rule validation, authentication, and auditing. Also, sometimes it's simpler to manage access in other ways. For example, if you want to make all blobs in a container publically readable, you can make the container Public, rather than providing a SAS to every client for access.
http://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/
(SAS' use case example) http://www.dotnetcurry.com/showarticle.aspx?ID=901
0
 

Author Closing Comment

by:Shakthi777
ID: 40562612
Very good information, thanks again !
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Optimized for private cloud infrastructures and datacenters, Nano Server is minimalistic, yet super-efficient, OS for services such as Hyper-V and Hyper-V cluster. Learn how you can easily deploy Nano Server and unlock its power!
This article discusses how to implement server side field validation and display customized error messages to the client.
The viewer will learn how to count occurrences of each item in an array.
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question