Sunday, 27 November 2016

uniqid with mt_rand() as prefix and more entropy... Predictable string?

I am using the following code to generate a unique string name for the files that are uploaded to my web server:

uniqid(mt_rand(), true)

This returns strings like:

774984555583a985c017ef8.28294931

I use this in conjunction with a conditional to check whether there is any file with the generated name; if it exists, I generate another string, and so on until I get a unique name.

This works well; but I have a doubt that I cannot clarify for myself:


Is there any way to predict the generated names with uniqid() and mt_rand() as prefix and "more entropy" set to true?


CLARIFICATION:

I'm thinking of a potential brute force attack trying to access the file names.


CLARIFICATION 2: I do not have this problem, since I store my files outside the accessible directory of the web server.
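
The structure of the name quoted above, as an added example that is not part of the original post: the function splits a uniqid(mt_rand(), true) string into its prefix, the hex-encoded call time and the trailing "more entropy" value, and a second function draws a name from random_bytes() for comparison. The function names decompose_uniqid and unguessable_name are hypothetical, and the layout assumed is the one PHP's uniqid() produces (8 hex digits of seconds, 5 hex digits of microseconds, then the d.dddddddd suffix).

```php
<?php
/**
 * Decompose a name produced by uniqid($prefix, true).
 * Assumed layout:
 *   <prefix><8 hex: seconds><5 hex: microseconds><d.dddddddd: LCG value>
 */
function decompose_uniqid(string $name): array
{
    $pattern = '/^(.*)([0-9a-f]{8})([0-9a-f]{5})(\d\.\d{8})$/';
    if (!preg_match($pattern, $name, $m)) {
        throw new InvalidArgumentException('not a uniqid(prefix, true) string');
    }
    $seconds = (int) hexdec($m[2]);

    return [
        'prefix'       => $m[1],                     // mt_rand() output, not a CSPRNG
        'seconds'      => $seconds,                  // Unix time of the call
        'microseconds' => (int) hexdec($m[3]),       // sub-second part of the call time
        'utc'          => gmdate('Y-m-d H:i:s', $seconds),
        'more_entropy' => $m[4],                     // combined LCG value, not a CSPRNG
    ];
}

/**
 * Name for cases where guessing must be infeasible:
 * 128 bits from the operating system's CSPRNG (PHP 7.0+).
 */
function unguessable_name(): string
{
    return bin2hex(random_bytes(16));
}

// The name quoted in the post.
$sample = '774984555583a985c017ef8.28294931';
print_r(decompose_uniqid($sample));

// Thirteen of the characters are only the call time; the rest comes from
// two generators that PHP documents as unsuitable for cryptographic use.
echo unguessable_name(), PHP_EOL;
```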



