logo topseosmo.com

 query : Uploading user files: should I rename them? I have a website which allows users to upload their files (say, like attachments to messages in forums). ~90% of the files are pictures and the rest

@Michele947

Posted in: #Php #Security #Uploading

I have a website which allows users to upload their files (say, like attachments to messages in forums). ~90% of the files are pictures and the rest are .zip.rar and similar types. So, user provides a file and ID of the entity heshe wants to attach the file to and the website does following:


For images performing checking the size
For all files performs check with clamav
If above checks passed, then puts the file to <website>/miscfiles/files/$user_or_post_id/<the same filename> or <website>/images/$user_or_post_id/<the same filename>


In the meantime, on other websites I often saw that the website obfuscates filename somehow, like avatar.jpg -> 26231062_936429879837960_3913793953388262138_n.jpg

I wonder, how important is this "obfuscating" filename part, should I implement it on my website? What are the well-known ways to do it, use random strings, take md5 hash, something else?

10% popularity Vote Up Vote Down


Report

0 Comments

Sorted by latest first Latest Oldest Best

Back to top | Use Dark Theme