What would be the best way to create a secure, temporary Delete File Link?
Say if there is no user account, but someone uploads a file and later wants to delete it.
A delete link is generated for them with a key hash:
example.com\page\myfile.jpg?delete="4Qcp4wTq2UQFR3NiRpGgXCsgQVqT"
If the query hash matches the one in the database, then PHP/Laravel will delete the file and DB record:
File::delete($file);
$record->delete();
Google Drive uses a 28 random character url for secure file sharing. That's where I got the idea, but I'm not sure if that's how it's actually supposed to be done or if there are more steps required.
How likely is it that someone or a bot can guess that url or visit it by accident?
Should the key hash also match a session id and then no longer be active after session expires?
via Matt McManis
