On Wed, May 28, 2008 at 3:24 PM, Steve Manes <[EMAIL PROTECTED]> wrote:
> MD5.  Here's a function I use in a file_store class to generate a munged
> directory file path given (for instance) a user's unique ID.
>
>    public function generate_upload_path($id)
>    {
>        $hash  = md5($id);
>        $p1 = substr($hash, 0, 3);
>        $p2 = substr($hash, 3, 3);
>
>        return $this->attachments_dir . "/$p1/$p2/$id";
>    }

What is the point of this?  It offers no security -- if one knows the
id, then they know $p1 and $p2.  Why not just put it in a folder
of the id?

If you want to make $p1 and $p2 harder to guess, you will need to do
something like:
$hash = md5(md5("a secret long enough that it can't be rainbowed") . $id);

-John C.
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
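
The two path derivations discussed in this thread, side by side, as an added example that is not code from either poster. The class name FileStore, the secret, the id format check and the sample values are assumptions; HMAC-SHA256 is swapped in for the nested md5() of the reply, and the constructor syntax needs PHP 8.0 or later.

```php
<?php
// Added illustration, not code from the thread. FileStore, $secret and the
// sample values below are assumptions made for this example.
final class FileStore
{
    public function __construct(
        private string $attachmentsDir,
        private string $secret   // server-side key, kept out of the web root
    ) {}

    // Unkeyed form from the quoted message: anyone who knows $id can
    // recompute both directory levels.
    public function shardedPath(string $id): string
    {
        return $this->build(md5($id), $id);
    }

    // Keyed form: the directory levels depend on a secret as well as $id.
    public function keyedPath(string $id): string
    {
        return $this->build(hash_hmac('sha256', $id, $this->secret), $id);
    }

    private function build(string $hash, string $id): string
    {
        // $id ends up in the path, so refuse anything that could leave
        // the attachments directory (assumed id format: short token).
        if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $id)) {
            throw new InvalidArgumentException('unexpected id format');
        }
        return sprintf('%s/%s/%s/%s', $this->attachmentsDir,
            substr($hash, 0, 3), substr($hash, 3, 3), $id);
    }
}

// Constructed sample values: two installations that differ only in secret.
$a = new FileStore('/var/attachments', 'constructed-example-secret');
$b = new FileStore('/var/attachments', 'a-different-secret');

// Print both forms for each installation so they can be compared.
foreach ([$a, $b] as $store) {
    echo $store->shardedPath('1042'), "\n";
    echo $store->keyedPath('1042'), "\n";
}
```

The keyed prefix contributes only 6 hex characters (24 bits), so it obscures where a file lives rather than replacing access checks on the files themselves.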