[nycphp-talk] protecting download directory in PHP app on Unix box?
Steve Manes
smanes at magpie.com
Wed May 28 19:01:01 EDT 2008
John Campbell wrote:
> What is the point of this? It offers no security -- if one knows the
> id, then they know $p1 and $p2. Why not just put it in a folder
> of the id?
Because stashing potentially tens of thousands of files into a single
directory is an SA nightmare even if you have a filesystem that supports
that many nodes in a directory.

The question wasn't about security. It was about how to break up an ID
into something that could point to a file inside a directory hierarchy.
It's not a URL but a file path that the application generates from the
user's ID. Making it harder for the user to guess isn't an issue
because the directory would presumably (hopefully) live outside web root.
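
An added example, not code from this post or thread: one way to turn a numeric ID into a sharded path under a storage root outside the web root, with the ID validated so the generated path cannot leave that root. The `$p1`/`$p2` derivation (digit pairs of the zero-padded ID), the `DOWNLOAD_ROOT` path and both function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: storage root outside the web root; this path is a placeholder.
const DOWNLOAD_ROOT = '/var/app-data/downloads';

/**
 * Map a numeric ID to a two-level sharded directory (12345 -> <root>/45/23/12345).
 * Assumed scheme: $p1 and $p2 are digit pairs taken from the zero-padded ID.
 */
function shardedDirForId(string $id, string $root = DOWNLOAD_ROOT): string
{
    // Digits only, so the ID can never carry "../" or a NUL byte into the path.
    if (!preg_match('/\A[1-9][0-9]{0,17}\z/', $id)) {
        throw new InvalidArgumentException('ID must be a positive integer');
    }
    $padded = str_pad($id, 4, '0', STR_PAD_LEFT);
    $p1 = substr($padded, -2);     // 100 buckets at the first level
    $p2 = substr($padded, -4, 2);  // 100 buckets at the second level
    return rtrim($root, '/') . "/$p1/$p2/$id";
}

/** Resolve a file inside the ID's directory, refusing anything that escapes it. */
function resolveDownload(string $id, string $filename, string $root = DOWNLOAD_ROOT): string
{
    $dir = shardedDirForId($id, $root);
    // basename() drops directory components from a caller-supplied name.
    $real    = realpath($dir . '/' . basename($filename)); // false if missing
    $realDir = realpath($dir);
    // Comparing resolved paths also rejects symlinks that point outside $dir.
    if ($real === false || $realDir === false
        || strncmp($real, $realDir . '/', strlen($realDir) + 1) !== 0) {
        throw new RuntimeException('No such download');
    }
    return $real;
}

// Constructed sample: build a throwaway tree and resolve one file in it.
$root = sys_get_temp_dir() . '/dl-demo-' . getmypid();
$dir  = shardedDirForId('12345', $root);
mkdir($dir, 0700, true);
file_put_contents("$dir/report.pdf", 'demo');
echo resolveDownload('12345', '../../report.pdf', $root), PHP_EOL;
```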