|
|
|
|
|
|
by mkyc
6057 days ago
|
|
|
Whoa, no, don't do this. dsc-450.jpg > user/acbdddc1ab1b73536fabbd3f4ffeea4e
dsc-450.jpgsalt > f043ce111eb398cd280b67c80c6c8ca6
usersaltdsc-450.jpg > 272ed08a85fc1e47b97462fb053a7c29 You'd need at least a secret site salt, as well as a per-user salt. If you have only a site salt, I can figure out what file names would be by uploading my own. If you had only a per-user salt, I calculate it myself. The problem of your site salt getting out remains. At the very least, you should randomly generate identifiers. This makes it less obvious which targets are worth looking at. What you really need, though, is something like per-folder access control. |
|
|