管理在 Azure 存储 Blob 上的 100,000 个 SAS 用户委派令牌

huangapple go评论73阅读模式
英文:

Manage 100,000 SAS User Delegated Tokens on Azure Storage Blobs

问题

用户委托的 SAS 令牌仅用于按个体基础访问 blob 文件(图像)。一个大容器和目录中可能有超过 100,000 个令牌。是否有关于 blob 和相关令牌数量的任何限制?在这种方法中是否存在性能问题?

尚未为测试生成 100,000 个,但看到了模式并试图设计最佳解决方案。已考虑过帐户、容器和目录令牌,但需要 1-1 用户对图像 blob 的读取权限。在这种所有 blob 都在一个目录中的解决方案上是否存在限制和性能问题?有哪些性能和管理方面的考虑?

英文:

User delegated SAS tokens for having user only access blob files (iamges) on an individual basis. It is possible to have over 100,000 tokens in one large container and directory. Are there any limits to howmany blobs and related tokens ?? Are there any performance issues in this approach?

Have not generated 100,000 for test, but see the pattern and am trying to design best solution. Have considered Account, Container, and Directory tokens but need 1-1 User to image blob read access. Are there limits and performance issues on this solution of having all blobs in 1 directory? What are the performance and management considerations?

答案1

得分: 0

SAS令牌是通过使用两个输入生成的。一组凭据和一个查询字符串。在查询字符串中,您可以定义诸如过期日期、权限等设置。这两个输入被放入算法中,生成一个签名,然后将该签名添加到查询字符串中,以创建SAS令牌。

然后,当您使用SAS令牌时,存储账户服务器会检查您的查询字符串和凭据是否能够生成相同的签名,并且如果匹配,则知道该令牌是有效的。查询字符串中的信息用于确定您是否被允许执行该操作。

简而言之,SAS令牌仅使用凭据和查询字符串创建和验证。它们永远不会保存到数据库中。换句话说,无论您生成1个、1000个还是10亿个SAS令牌都无关紧要。

英文:

The SAS tokens are generated by using a two inputs. A set of credentials and a querystring. In the querystring you can define the settings such as expiration date, permissions and more. Both of these inputs are thrown into an algorithm to generate a signature that's added to the querystring to create the SAS token.

Then when you use the SAS token the Storage Account server checks if your querystring and credentials can generate that same signature and if it matches it knows the token is valid. The information in the querystring is used for to determine if you are allowed to perform the action.

In short; the SAS tokens are created and validated using just the credentials and querystring. They are never saved to a database. In other words it doesn't matter if you generate 1, 1000 or a billion SAS tokens.

huangapple
  • 本文由 发表于 2023年3月9日 21:47:07
  • 转载请务必保留本文链接:https://go.coder-hub.com/75685476.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定