问题
I am managing a web application that uses Rackspace Cloud Hosting to store user images and files. Currently, when serving user pages, the real links to the files in the cloud are used. Potentially a user could view other users' files by guessing the file names. The file names are obfuscated containing about 30 alphanumeric digits, bit still this does not feel good.
Is my concern valid, and if it is how can I best solve this?
回答1:
I think it depends on the sensitivity of the information in the files.
To bruteforce a 30 character alphanum filename, assuming 36 values per char (only lowercase letter plus 0-9), possible combinations are 36 ** 30:
48,873,677,980,689,257,489,322,752,273,774,603,865,660,850,176
4.887368e+46 in scientific notation
Assuming someone really really wants to steal your files and they have a botnet with 200 computers just checking the http response codes for each file at say 1,000 filenames a second per bot .. to get say one tenth of the file names would take:
(((36**30) / 10) / (1000*200) / 60 / 60 / 24 / 365) = 774,887,081,124,576,000,274,650,435,593,838 years
(roughly)
Unless your attacker is a really determined and well equipped government or something, or really really really ... lucky. I'd say don't worry about it.
Number of possible combinations in scientific notation:
- lowercase alphnum only: (26+10)**30 = 4.887368e+46
- Adding case sensitivity, giving 26+26+10 different characters: 5.912221e+53
- 256 bit encryption (also the length of your cloud files API key): 1.157921e+77
- 128 bit encryption: 3.402824e+38
- 56 bit (DES) encryption: 7.205759e+16
I know in your case you might have say 100,000 file names that you wouldn't want people to guess, whereas with the encryption there's only one answer, .. so even if you take 5 off of the exponent, you're still up there above 128 bit encryption.
If you're still worried:
- Maybe put the files in non-public cloud files containers, and serve them from the Cloud Server and force people to have > 30 character passwords :)
- add more possibly character types (maybe uppercase+lowercase) .. and increase the length of the file names
You could use '/' in the file names so that when they're downloaded they still have a nice name. eg. /whgwg/4y345yh3hy/543hgwhb/nice_name.jpg
so if you download it, it gets saved as nice_name.jpg and not some garbled horrible thing.
Also watch out for the CDN cache. If you use the public cloud files, they'll get pushed out to the CDN nodes and cached there. So suppose Mary uploads some country secrets by accident, they get pushed out the the CDN nodes, she deletes her upload, it'll still be available on the CDN for whatever your cache time for the folder is set to. You can use the CDN api to wipe it, but I wouldn't rely on that.
Finally .. make sure your numbers aren't guessable, like not incrementing .. should be totally random.
来源:https://stackoverflow.com/questions/8406513/how-to-serve-files-stored-in-cloud