The code currently uses UUID identifiers to refer to uploads. UUIDs were chosen as they have two qualities:
They're unique, preventing duplicates
They are random (and therefore used to prevent people from guessing a value)
It seems that the last part might is not necessarily provide as much security as that was assumed when creating this code. UUID's implementation does not add that much randomness into its value. See https://neilmadden.blog/2018/08/30/moving-away-from-uuids/
It should be considered to replace (or augment) the usage of UUID to improve the security aspect of things. Care should be taken to not compromise the uniqueness-aspect of the identifier that's used.
The code currently uses UUID identifiers to refer to uploads. UUIDs were chosen as they have two qualities:
It seems that the last part might is not necessarily provide as much security as that was assumed when creating this code. UUID's implementation does not add that much randomness into its value. See https://neilmadden.blog/2018/08/30/moving-away-from-uuids/
It should be considered to replace (or augment) the usage of UUID to improve the security aspect of things. Care should be taken to not compromise the uniqueness-aspect of the identifier that's used.