AWS AmazonCloudFront documentation change
Summary
Added note about SHA256 support in PHP OpenSSL signing for CloudFront URLs
Security assessment
This change adds documentation about using OPENSSL_ALGO_SHA256 instead of default SHA1 in PHP's openssl_sign function for CloudFront URL signing. This promotes stronger cryptographic security but doesn't indicate a specific security issue being addressed.
Diff
diff --git a/AmazonCloudFront/latest/DeveloperGuide/CreateURL_PHP.md b/AmazonCloudFront/latest/DeveloperGuide/CreateURL_PHP.md index 0a42c0c9b..15e15dcf1 100644 --- a//AmazonCloudFront/latest/DeveloperGuide/CreateURL_PHP.md +++ b//AmazonCloudFront/latest/DeveloperGuide/CreateURL_PHP.md @@ -16,0 +17,2 @@ Any web server that runs PHP can use this PHP example code to create policy stat + * In the `openssl_sign` call, note that passing `OPENSSL_ALGO_SHA256` as the fourth argument switches to SHA-256. (See also the [Create signed cookies using PHP](./signed-cookies-PHP.html) for a full example.) +