John Campbell wrote:
What is the point of this? It offers no security -- if one knows the id, then then they know $p1 and $p2. Why not just put it in a folder of the id?
Because stashing potentially tens of thousands of files into a single directory is an SA nightmare even if you have a filesystem that supports that many nodes in a directory.
The question wasn't about security. It was about how to break up an ID into something that could point to file inside a directory hierarchy. It's not a URL but a file path that the application generates from the user's ID. Making it harder for the user to guess isn't an issue because the directory would presumably (hopefully) live outside web root.
_______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
