Once assigned, the user_id that my app creates is never changed. I would use the auth.user.id field, but I don't like the fact that it's sequential and therefore, easily guessed. I doubt that uploads can be hacked easily since you did such a good job with security. Nevertheless, I prefer to have an additional layer of obfuscation by having an encrypted user_id.
On Jun 10, 11:32 pm, mdipierro <[email protected]> wrote: > The problem with this is that the, I assume, tha database links the > uploaded filename to the user_id and therefore you need to access the > database to locate the file. That is ok until the database changes and > somebody edits the user_id. Than you can no longer locate the file. > > On Jun 10, 7:36 am, weheh <[email protected]> wrote: > > > > > I think I'm dealing with the same situation, however, I'm going about > > it a little differently. I'm storing files in > > > uploads/users/user_id/filename > > > My user_id is a cypher of characters [A-Z][a-z][0-9] with a length > > anywhere from 8 to 12 characters or so. The filename is another cypher > > created automatically by web2py, following the table.field approach. > > > One thing I'm thinking about is taking the user/user_id/filename > > structure entirely outside of web2py. The reason is that my server has > > 2 disk partitions and I might want to have these files resident under > > C:/ or D:/ Another reason is that I might want to gradually move > > these files to the cloud or another server. I'm wondering whether this > > is reasonable and even possible to do from within a web2py app working > > around the web2py way.- Hide quoted text - > > - Show quoted text -
