Security through obscurity

How safe is your online content? If you’re a business storing data online, this has to be a question you’ve asked, and if it’s not, you really should.

Traditionally, a username and password have been the tools used to keep private data secure. Viewed through the browser window, these measures look the same from one site to another, but in the background they differ massively. It’s almost inevitable that a website you’re using will be storing your password unencrypted on a server with inadequate protection. Only today, having registered some software online, I received an email including not just my username but also my password! It’s this kind of poor practice which makes the use of multiple passwords essential.

That’s not the only problem with passwords, though: they’re also a massive pain in the ass if you want to get somewhere quickly.

So when it came to securing file uploads at Publicate, we opted for the route chosen by Dropbox and Google, that is, security through obscurity. Essentially, content links are made up of 25 random characters chosen from a pool of 66 possible characters. That’s 66^25 possible URLs, which means you’ve got a 1 in 3,080,338,100,000,000,000,152,336,376,976,472,888,592,912,584 chance of guessing the location of a specific file. That’s not to say you won’t guess one first try, but it is sufficiently unlikely to remove the need for a password.
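
The link scheme described above, as an added Python sketch (not Publicate's code): it draws the 25 characters from a CSPRNG, computes the keyspace with exact integers, and bounds the chance of a guess landing on any stored file rather than one specific file. The 66-character alphabet is an assumption (the post does not list its characters), and all function names are illustrative.

```python
import math
import secrets
import string
from fractions import Fraction

# Assumption: the post does not list its 66 characters. The RFC 3986
# "unreserved" set (letters, digits, "-", ".", "_", "~") has exactly 66
# members and needs no percent-encoding, so it is used here.
ALPHABET = string.ascii_letters + string.digits + "-._~"
TOKEN_LENGTH = 25


def new_token() -> str:
    """Draw each character from the OS CSPRNG; a seeded PRNG such as
    random.choice() would make the links predictable."""
    return "".join(secrets.choice(ALPHABET) for _ in range(TOKEN_LENGTH))


def keyspace() -> int:
    """Number of distinct tokens: 66^25, computed with exact integers."""
    return len(ALPHABET) ** TOKEN_LENGTH


def entropy_bits() -> float:
    """Entropy of one token in bits, assuming uniform random characters."""
    return TOKEN_LENGTH * math.log2(len(ALPHABET))


def hit_probability(live_links: int, guesses: int) -> Fraction:
    """Upper bound (union bound) on the chance that any of `guesses`
    distinct guesses lands on any of `live_links` stored files."""
    return min(Fraction(1), Fraction(live_links * guesses, keyspace()))


def is_well_formed(token: str) -> bool:
    """Cheap format check to reject junk before touching storage."""
    return len(token) == TOKEN_LENGTH and all(c in ALPHABET for c in token)


if __name__ == "__main__":
    print(new_token())
    print(f"{entropy_bits():.1f} bits, keyspace {keyspace():.3e}")
    # Constructed scenario: 10 million files, 1e12 guesses in total.
    print(float(hit_probability(10_000_000, 10**12)))
```

The bound only holds while the token itself stays secret; a link that leaks through a Referer header, browser history, or a shared log needs no guessing at all.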