Image Upload Service - Image locations and Image Identifiers

Question

I would like to create a image uploading service (yes, i am aware of imageshack, photobucket, flickr...etc) :)

I have seen only imageshack show the directory names ("img294", "1646") of where the image is located, in the same way - i would like to do this.

http://img294.imageshack.us/img294/1646/jquery**kd5**.jpg

1) Are there any security issues I should be aware if i take this implementation?

2) How do these sites come up with short unique identifiers ("kd5")?

Thanks all for any advice and help.

Answer 1

Well for starters, unless you would like the directory to be public, put dummy index.html files in there or just restrict access to public users for those directories.

As for the unique identifiers there are many ways of going about this... some of my favourite chunks of information to use:

• UNIX time (if running a unix based server)
• chunks of the md5 of the file
• pseudo random numbers
• piece of the original filename

With these and many other pieces of information at your fingertips it should be easy to prevent duplicate image names conflicting on your server as well, you can gather as many as you like and concatenate them into a string for the filename. The md5 can be placed in a database as well to aid in a method of duplicate image detection, which could save you disk space as well.

Answer 2

I can promise you they all use URL rewriting. This will help with security issues, too.