So the filename is always unique.
However, some of these pictures are password protected from viewing via a password form. Incorrect password = error message. Correct password = access to the pictures.
Now, I just recently got to thinking... someone could create a script to find these pictures without needing a password. It would seem pretty useless, but it would turn up results.. something like:
Code: Select all
$dir = "http://www.domain.com/dir/";
$time = time();
$onemonth = 60*60*24*30;
$starttime = $time-$onemonth;
$i = $starttime;
while($i < $time)
{
echo "<img src=\"".$dir.$i.".jpg\"><BR />";
$i++;
}So I need to randomize my image names.. time() isn't effective for security reasons.
What if I md5()'d the time... would this produce a unique filename each time? Would the filename be too long?
If that's not secure.. what about salting the md5()'d time?
Your thoughts please....