-3

I am creating a JS/Node program that lets users at a public kiosk save an image to a public AWS S3 bucket. They then enter their own email address and we send them an email with a link to that image so that they can retrieve it once they get home.

The entire S3 bucket needs to be public so that users can easily view their own individual image. However, I want to make it unlikely that visitors could guess another image's filename, viewing another person's image. This is more of a light privacy concern than a security concern.

How can I use JS to randomly generate the alphanumeric filename? How long should the filename be?

bryan kennedy
  • 6,969
  • 5
  • 43
  • 64
  • 2
    You could use a global unique indentifier as part of the filename. Search around for it here on SO. There's multiple answers with small and longer scripts to create a GUID, each with pros and cons – Shilly Jul 14 '16 at 14:43
  • Thanks for that. GUID was exactly what I was looking for. I wasn't familiar with that term and now that I know it I'm seeing a ton of useful answers. Makes me wonder if I should delete the question or leave it up as a reference to that search term for other ignorant folks like myself... – bryan kennedy Jul 14 '16 at 14:46

2 Answers2

3

1) You really shouldn't do this with filenames. You'd be better off generating a pre-signed url for the object in S3 that expires, in, say a couple of days, and sending that to their email. That way the file will be truly private to them, and you don't have to make the bucket public.

See the documentation here: http://docs.aws.amazon.com/AmazonS3/latest/dev/ShareObjectPreSignedURL.html

2) That said, if you really just want to generate a long random string, the traditional way to do so with a UUID. You can do this in Node with the node-uuid package. For example, require('node-uuid').v4(); will generate a random UUID.

Michael Helvey
  • 3,843
  • 22
  • 19
0

I think Math.random would be a good choice:

function getRandomName() {
  return parseInt((Math.random() * 10000000000000000000)).toString(36)
}

console.log(getRandomName());
console.log(getRandomName());
console.log(getRandomName());
Morteza Tourani
  • 3,506
  • 5
  • 41
  • 48