Solved

How to Manage security in Microsoft Azure Blob/PHP ? (URL Expiry)

Posted on 2015-01-19
2
246 Views
Last Modified: 2015-01-21
Hi Experts,

How do we manage URL expiry in Azure blob storage solution ? Or is there any other solution to secure Azure blob content ?  Please provide some guide lines, HOWTOs etc,

Thanks for your time !
0
Comment
Question by:Shakthi777
2 Comments
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
Comment Utility
Default TTL of 7 days and if you explicitly set the x-ms-blob-cache-control property as stated in link below (with code sample), you can have control on the cache period (in sec) e.g. value of the Cache-Control header for the blob.

http://msdn.microsoft.com/en-us/library/azure/gg680306.aspx

however, caching typically applies to static content (image, css, http pages, and not dynamic content (interactive html content, live streaming etc). assuming if the cache content is being poisoned or tamper, a copy will be served to the client and hence it is best not to have a very long caching periods if they are not easily abused. It also cannot be too short such that it negate the caching effect. It has to align to your business context and need. Maybe a optimal context can be 1hr as a start and test out on performance effects

Regardless, strict access control to those blob should be looked into first to reduce the window of exposure. There is shared access signature (SAS) for tconsideration. Do also check out also the "Best Practices for Using Shared Access Signatures"
Validate data written using SAS. When a client application writes data to your storage account, keep in mind that there can be problems with that data. If your application requires that that data be validated or authorized before it is ready to use, you should perform this validation after the data is written and before it is used by your application. This practice also protects against corrupt or malicious data being written to your account, either by a user who properly acquired the SAS, or by a user exploiting a leaked SAS.

Don't always use SAS. Sometimes the risks associated with a particular operation against your storage account outweigh the benefits of SAS. For such operations, create a middle-tier service that writes to your storage account after performing business rule validation, authentication, and auditing. Also, sometimes it's simpler to manage access in other ways. For example, if you want to make all blobs in a container publically readable, you can make the container Public, rather than providing a SAS to every client for access.
http://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/
(SAS' use case example) http://www.dotnetcurry.com/showarticle.aspx?ID=901
0
 

Author Closing Comment

by:Shakthi777
Comment Utility
Very good information, thanks again !
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

These days socially coordinated efforts have turned into a critical requirement for enterprises.
Steve Terp was featured in a video created by CRN about how "Channel Is Crucial To Market Disruption". Click on View source to see the video and article
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now