Solved

How to Manage security in Microsoft Azure Blob/PHP ? (URL Expiry)

Posted on 2015-01-19
2
305 Views
Last Modified: 2015-01-21
Hi Experts,

How do we manage URL expiry in Azure blob storage solution ? Or is there any other solution to secure Azure blob content ?  Please provide some guide lines, HOWTOs etc,

Thanks for your time !
0
Comment
Question by:Shakthi777
2 Comments
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 40559375
Default TTL of 7 days and if you explicitly set the x-ms-blob-cache-control property as stated in link below (with code sample), you can have control on the cache period (in sec) e.g. value of the Cache-Control header for the blob.

http://msdn.microsoft.com/en-us/library/azure/gg680306.aspx

however, caching typically applies to static content (image, css, http pages, and not dynamic content (interactive html content, live streaming etc). assuming if the cache content is being poisoned or tamper, a copy will be served to the client and hence it is best not to have a very long caching periods if they are not easily abused. It also cannot be too short such that it negate the caching effect. It has to align to your business context and need. Maybe a optimal context can be 1hr as a start and test out on performance effects

Regardless, strict access control to those blob should be looked into first to reduce the window of exposure. There is shared access signature (SAS) for tconsideration. Do also check out also the "Best Practices for Using Shared Access Signatures"
Validate data written using SAS. When a client application writes data to your storage account, keep in mind that there can be problems with that data. If your application requires that that data be validated or authorized before it is ready to use, you should perform this validation after the data is written and before it is used by your application. This practice also protects against corrupt or malicious data being written to your account, either by a user who properly acquired the SAS, or by a user exploiting a leaked SAS.

Don't always use SAS. Sometimes the risks associated with a particular operation against your storage account outweigh the benefits of SAS. For such operations, create a middle-tier service that writes to your storage account after performing business rule validation, authentication, and auditing. Also, sometimes it's simpler to manage access in other ways. For example, if you want to make all blobs in a container publically readable, you can make the container Public, rather than providing a SAS to every client for access.
http://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/
(SAS' use case example) http://www.dotnetcurry.com/showarticle.aspx?ID=901
0
 

Author Closing Comment

by:Shakthi777
ID: 40562612
Very good information, thanks again !
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many CHPs use the buzzword ‘Cloud Hosting’ to sell the idea of reliability. Most consumers have the opinion that cloud hosting is easily scalable and can handle just about anything. Further, most CHPs are not transparent and hide the underlying arch…
In previous parts of this Nano Server deployment series, we learned how to create, deploy and configure Nano Server as a Hyper-V host. In this part, we will look for a clustering option. We will create a Hyper-V cluster of 3 Nano Server host nodes w…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question