Attachment hashing
The attachments are currently stored as attach_id-hash.elk Is there a reason for that? My guess is security through obscurity? In my recent sites we follow the laravel model of having a /public/ folder for accessible stuff and everything else is in the directory above. Our sites are all in git and we just use Apache virtual directory to point at where ever the public folder of the repo is on the server. It's pretty sweet. Then only public is exposed and we keep all kinds of development and testing resources in the non accessible upper folder.
So for example attachments would be one directory above public and out of the web root. The script reads them out and dumps to browser. Then instead of all the silly hashing we just use base 36 numbering to maximize the address (name) space. Any security is implemented in the access control layer (eg, who can read, for PMs maybe recipient, sender, and admin). It looks like the images are already dumped via php so this isn't a performance hit.
I'll have a look at how feasible as I get our test migration into git and deployed on a live server.
Re: Attachment hashing
Reply #2 –
That's my suspicion too. I fully imagine it's inherited from SMF. It's very 2008 php. I have not upgraded to elkarte 1.1.x so maybe it has changed.
Re: Attachment hashing
Reply #3 –
Nope 1.1 is still the same-ish ... 2.0 is where we have been discussing overhauling the attachments code which has kind of defied refactoring and may just needs to be redone. Its really true spaghetti.