Hi everyone,
I am new to Yii and using Yii2. I want to show the uploaded file urls to be secure. So that users can not guess the filepath etc. Can anyone please advise?
Hi everyone,
I am new to Yii and using Yii2. I want to show the uploaded file urls to be secure. So that users can not guess the filepath etc. Can anyone please advise?
You can use uniq() to generate unique random names and then just add your image extension.
Or to event make it harder to guess use uniqid(rand()) and apply a hash function like md5 or sha1.
Yii2 has \Yii::$app->security->generateRandomString(): http://www.yiiframework.com/doc-2.0/yii-base-security.html#generateRandomString()-detail
“Hiding” files by generating random (even cryptographically strong random) filenames doesn’t add anything to the security of your application. Implementing a proper permission/access control system does.
You can even store the random key are a reference in the database and serve the file from there.
Then you can even control timeouts and deletions of the uploaded file if you wanted to
What phtamas saying is correct if your files are to be viewed by certain users only and not by others. If it’s just to avoid parsing your content (well, making it harder at least), prefer unique strings generated by Yii’s security component because PHP’s uniqid() isn’t unique enough.