On Tue, 2016-12-20 at 11:23 -0800, Bryce Harrington wrote:
I suppose it's probably worth thinking about how to make the website handle it better (main worry I guess would be an attacker pre- uploading a file with the name we'll be using for a future release), but for now yeah we can just adopt that as practice. Also we know now to doublecheck the link in case this happens again.
There's a way to replace the specific functionality that does the rename and some projects opt for doing a directory instead. considering the large number of files, I think a random prefix directory might be a good idea anyway. Maybe a hash of the current time of the day (but not date) that way you'd have to hit the 'exact' time in seconds (or ms) of the previous uploaded file and we could just advance the time by a second until a slot is valid.
I should have commented this to the bug report. Sorry!
Martin,