I am using the following code to generate a unique string name for the files that are uploaded to my webserver:
uniqid(mt_rand(), true)
This returns strings like:
774984555583a985c017ef8.28294931
I used this in conjunction with a conditional to check if there is any file with the generated name; if one exists, I generate another string, and so on until I get a unique name.
This works well; but I have a doubt that I cannot clarify for myself:
Is there any way to predict the generated names with uniqid() and mt_rand() as prefix and "more entropy" set to true?
CLARIFICATION:
I'm thinking of a potential brute force attack trying to access the file names.
CLARIFICATION 2: I do not have this problem, since I store my files outside the accessible directory of the web server.
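An added example, not part of the original post: the PHP manual cautions that uniqid() values are not cryptographically secure and must not be relied on to be unguessable, so this code draws the name from random_bytes() instead and folds the "does a file with this name exist?" check into a single atomic create. The function name reserveUploadName(), its parameters, the form field name and the temporary directory are assumptions made for the example.

```php
<?php
declare(strict_types=1);

/**
 * Reserve an unguessable, unique file name inside $dir and return its path.
 * reserveUploadName() and its parameters are hypothetical names for this example.
 * $ext is expected to come from a server-side allow-list, not from the client.
 */
function reserveUploadName(string $dir, string $ext = '', int $maxTries = 5): string
{
    for ($i = 0; $i < $maxTries; $i++) {
        // 16 bytes (128 bits) from the OS CSPRNG, hex-encoded to 32 characters.
        $name = bin2hex(random_bytes(16)) . ($ext !== '' ? '.' . $ext : '');
        $path = rtrim($dir, '/') . '/' . $name;

        // Mode 'x' creates the file and fails if it already exists, so the
        // existence check and the creation happen as one atomic step instead
        // of a separate file_exists() test followed by a write.
        $fh = @fopen($path, 'x');
        if ($fh !== false) {
            fclose($fh);
            return $path;
        }
    }
    throw new RuntimeException('Could not reserve a unique file name');
}

// Demo: a constructed temporary directory stands in for the upload store.
$dir = sys_get_temp_dir() . '/upload-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);

$path = reserveUploadName($dir, 'bin');
echo basename($path), PHP_EOL;

// In an upload handler, move_uploaded_file($_FILES['f']['tmp_name'], $path)
// would then overwrite the reserved placeholder ('f' is an assumed field name).

// Clean up the demo files.
unlink($path);
rmdir($dir);
```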