Image path and names available for all

[mthiel1]

Images always have the same path.
How can I protect the images?
Theoretically, anyone can access all (even the private) images. He just has to try different names.

 

[Rodolfo]

Images always have the same path.
How can I protect the images?
Theoretically, anyone can access all (even the private) images. He just has to try different names.

When you upload something as private the url generated is like /path/<random>.ext, now... the lenght of the random string is 8 chars I believe and for esch char you have 36 possible values (A-Z + 0-9) so the possibilities are absurd big. Is 36 pow 8 which is 2821109907456 possibilities. So you are telling me that it could be guessed? Ok, it could be guessed but the computing needed is huge. If every request takes you one second it will need near 90,000 years to complete, if you take 10 request per second it will take 9,000 years... Remember that the server watchdog will notice a permanent IP doing those queries....

The only way to make the pictures 100% private is by serving all the images using PHP which may cause a lot of issues because that will demand a lot of machine because every request wil be dynamic. I think that the easiest thing to do is raise the number chars to 16 or 32 so guess the filename will be truly impossible and it will take many times the age of the universe to complete.

 

[mthiel1]

ah i understand! so i have to set private before uploading or i have to set Image-Name to random...
thanks! thats ok