I'm creating a file storage site and what I would do is just have the download
Question
I'm creating a file storage site and what I would do is just have the download links format as:
https://www.domain.com/[id]/[file name] //id would just be 1, 2, 3 etc.
Dropbox and many others have it similarly except that the IDs are long / hashed:
https://www.dropbox.com/s/23d3kaz4adw9deq/anyfile.txt
Is there any (security) reason behind having it that way?
I was thinking maybe they do it like that so that people can't just increment the ID by 1 and download everything they come across, which would result in unnecessarily losing more bandwidth. But that is not the case, because both the ID and FILE NAME need to match, and file names aren't easily guessable.
Explanation / Answer
Well, more than security (which you can achieve via other means, such as appropriate authentication), the issue is that when you have multiple front ends, you cannot easily implement a serial number and scale, especially if your service is also geographically distributed (either for disaster recovery or just geo-locality concerns).
Imagine a Dropbox-like service with hundreds (if not thousands) of servers saving files on hundreds (if not thousands) of back-end servers. Who is going to keep an index of what the current file # is? Even within the same account, you have the same problem with clients uploading files simultaneously.
The way to avoid that is to come up with URIs for the files such that the possibility of collisions is negligible. That is why systems such as SQL Server have always supported both an auto-increment primary index and a unique ID based on a GUID. For folks who have worked on databases (such as myself), we almost always used GUIDs unless we knew we would definitely have a single DB server, in which case having auto-increment was the best experience to have :-)
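The following is an added example, not part of the original answer and not any service's actual scheme. It shows IDs minted independently on many front ends without a shared counter, with the birthday-bound collision estimate; the 15-character lowercase-and-digit format is an assumption taken from the look of the link quoted in the question, and all function names are hypothetical.

```python
import math
import secrets
import string

# Assumed alphabet: lowercase letters and digits, as in the quoted example link.
ALPHABET = string.ascii_lowercase + string.digits


def new_file_id(length: int = 15) -> str:
    """Mint an ID locally from the OS CSPRNG; no shared counter is consulted."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def id_space_bits(length: int = 15) -> float:
    """Entropy of one ID in bits: length * log2(alphabet size)."""
    return length * math.log2(len(ALPHABET))


def collision_probability(n_ids: int, length: int = 15) -> float:
    """Birthday-bound approximation: p ~= 1 - exp(-n(n-1) / (2N))."""
    space = len(ALPHABET) ** length
    return -math.expm1(-n_ids * (n_ids - 1) / (2 * space))


def simulate_front_ends(servers: int, uploads_each: int, length: int = 15) -> int:
    """Each simulated front end mints IDs on its own; count duplicate IDs."""
    seen = set()
    duplicates = 0
    for _ in range(servers):
        for _ in range(uploads_each):
            fid = new_file_id(length)
            if fid in seen:
                duplicates += 1
            seen.add(fid)
    return duplicates


if __name__ == "__main__":
    print("sample id:", new_file_id())
    print(f"{id_space_bits():.1f} bits per ID")
    print(f"P(collision) among 1e9 files: {collision_probability(10**9):.2e}")
    # A short ID space collides quickly, which is why length matters.
    print(f"P(collision) among 1e6 files, 4 chars: {collision_probability(10**6, 4):.2f}")
    print("duplicates across 100 front ends:", simulate_front_ends(100, 1000))
```

A unique index on the ID column still catches the rare duplicate, and access control remains the job of authentication, as the answer says.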