Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How to Manage security in Microsoft Azure Blob/PHP ? (URL Expiry)

Posted on 2015-01-19
2
Medium Priority
?
396 Views
Last Modified: 2015-01-21
Hi Experts,

How do we manage URL expiry in Azure blob storage solution ? Or is there any other solution to secure Azure blob content ?  Please provide some guide lines, HOWTOs etc,

Thanks for your time !
0
Comment
Question by:Shakthi777
2 Comments
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 40559375
Default TTL of 7 days and if you explicitly set the x-ms-blob-cache-control property as stated in link below (with code sample), you can have control on the cache period (in sec) e.g. value of the Cache-Control header for the blob.

http://msdn.microsoft.com/en-us/library/azure/gg680306.aspx

however, caching typically applies to static content (image, css, http pages, and not dynamic content (interactive html content, live streaming etc). assuming if the cache content is being poisoned or tamper, a copy will be served to the client and hence it is best not to have a very long caching periods if they are not easily abused. It also cannot be too short such that it negate the caching effect. It has to align to your business context and need. Maybe a optimal context can be 1hr as a start and test out on performance effects

Regardless, strict access control to those blob should be looked into first to reduce the window of exposure. There is shared access signature (SAS) for tconsideration. Do also check out also the "Best Practices for Using Shared Access Signatures"
Validate data written using SAS. When a client application writes data to your storage account, keep in mind that there can be problems with that data. If your application requires that that data be validated or authorized before it is ready to use, you should perform this validation after the data is written and before it is used by your application. This practice also protects against corrupt or malicious data being written to your account, either by a user who properly acquired the SAS, or by a user exploiting a leaked SAS.

Don't always use SAS. Sometimes the risks associated with a particular operation against your storage account outweigh the benefits of SAS. For such operations, create a middle-tier service that writes to your storage account after performing business rule validation, authentication, and auditing. Also, sometimes it's simpler to manage access in other ways. For example, if you want to make all blobs in a container publically readable, you can make the container Public, rather than providing a SAS to every client for access.
http://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/
(SAS' use case example) http://www.dotnetcurry.com/showarticle.aspx?ID=901
0
 

Author Closing Comment

by:Shakthi777
ID: 40562612
Very good information, thanks again !
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Your data is at risk. Probably more today that at any other time in history. There are simply more people with more access to the Web with bad intentions.
The article lists top benefits which gaming industry bestows with the assistance of cloud computing technology.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question