I have a web interface file sharing application I'm developing
(the files are on a per-user basis;
there can be 2 files that two different users can access,
that is, one file may be accessed by usera, but not by userb).
I keep a table for files (file information):
things like filepath, inode, creation date, file description, etc.
Here's the kicker: I am using inode as unique row identifier, instead of an auto increment id.
Why?
- inode is already unique by the filesystem.
- people can rename the files via the filesystem, and I have a checkup cron, for example, that can make sure the file names match the inodes and update the db as needed, with new file names for existing entries in the table
- a file can be queried for its inode, and that lets us know what record to look up in the table
My questions:
- I understand we must never return sensitive data to the browser. I therefore should be returning a file id number or reference code, instead of an inode number; that sounds sensitive, right?
- users select files to download, etc. from a list, therefore the browser client returns inodes to the code... how sensitive is this? Am I doing something really dangerous?
Background
The main purpose of this app is to let specific users download specific files. When a user requests a file via the browser by inode (instead of reference id, etc.), the code checks that a specific permission for that user to that one file exists. A user without a permission to file x would be turned down, kicked out, error logged.
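Added example, not part of the original post: a sketch of the per-user permission check described above, handing the browser an opaque per-user reference instead of the raw inode and re-checking that the stored path still names the granted inode. It goes slightly beyond the post by keying on (device, inode), since inode numbers are unique only within one filesystem and are reused after deletion. Python, `SECRET`, `file_ref`, `resolve` and the in-memory `files`/`perms` structures standing in for the database tables are all assumptions.

```python
import hashlib, hmac, os, tempfile

SECRET = b"constructed-demo-key"  # assumption: server-side key, never sent to clients

def file_ref(user, dev, ino):
    """Opaque reference for one user's view of one file (hypothetical helper)."""
    msg = f"{user}:{dev}:{ino}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def resolve(user, ref, files, perms):
    """Return the path `user` may download for `ref`, else None.
    files: {(dev, ino): path} rows; perms: set of (user, dev, ino) grants."""
    for owner, dev, ino in perms:
        if owner != user:
            continue  # only this user's own grants can ever match
        if not hmac.compare_digest(file_ref(user, dev, ino), ref):
            continue
        path = files.get((dev, ino))
        try:
            st = os.stat(path) if path else None
        except OSError:
            return None  # file removed since the row was written
        # Inode numbers are unique only per filesystem and are reused after
        # deletion, so confirm the path still names the file that was granted.
        if st and (st.st_dev, st.st_ino) == (dev, ino):
            return path
        return None
    return None  # unknown reference or no grant: caller logs and refuses

def demo():
    """Constructed sample data: two files, one grant for usera."""
    d = tempfile.mkdtemp()
    pa, pb = os.path.join(d, "a.txt"), os.path.join(d, "b.txt")
    for p in (pa, pb):
        with open(p, "w") as fh:
            fh.write(p)
    sa = os.stat(pa)
    files = {(sa.st_dev, sa.st_ino): pa}
    perms = {("usera", sa.st_dev, sa.st_ino)}
    ref = file_ref("usera", sa.st_dev, sa.st_ino)
    ok = resolve("usera", ref, files, perms)      # granted user, valid reference
    other = resolve("userb", ref, files, perms)   # usera's reference replayed by userb
    forged = resolve("userb", file_ref("userb", sa.st_dev, sa.st_ino), files, perms)
    os.replace(pb, pa)  # the path now names a different inode
    stale = resolve("usera", ref, files, perms)   # stale row is refused
    return ok == pa, other, forged, stale

if __name__ == "__main__":
    print(demo())
```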