Make configurable length of shared link token #419

Closed
savely-krasovsky opened this issue Jul 15, 2016 · 9 comments

@savely-krasovsky

savely-krasovsky commented Jul 15, 2016

For example now, I have this:
l33t.host/s/CpjUhnJuFEyMQzn

And we can have this:
l33t.host/s/AvJHo

But it's my personal service for maybe 1000 or 10000 (max!) shared files.
And for this aim even 4-5 characters are enough. Why 15?

In ownCloud we didn't have theming; now we have it, and it's very cool. So why not?

@MariusBluem
Member

> But it's my personal service for maybe 1000 or 10000 (max!) shared files.

You are right, but there are some other users, using more than 1000 files and shares 😜 I think shortening the URL makes sense anyway. An option to personalize the URLs would be nice. I think of something like l33t.host/s/pictures-of-party.

If the URL is too long for your use (e.g. Twitter) you could also shrink the URL with a service like goo.gl 😉

@savely-krasovsky
Author

savely-krasovsky commented Jul 16, 2016

@Mar1u5 okay, let's use simple math.
We have the common formula for combinations:
[image: formula]
Where n = 52 (the count of letters in the Latin alphabet: lowercase + uppercase) and k is the length of our token.
So now let's calculate:
For 4 symbols:
[image: formula] = 270 725!
For 5 symbols:
[image: formula] = 2 598 960!
For 6 symbols:
[image: formula] = 20 358 520!
If you are really so scared of some strange users that are using over 20 million shared links (LOL), just set 6+ symbols by default. But for me even THREE symbols are enough (22 100 combinations!).

Now we have 15 symbols for 4 481 381 406 320 combinations. Almost 5 trillion? Really? Why?

@rullzer
Member

rullzer commented Jul 16, 2016

It is not only about the number of possible shares. It is also about security. You don't want people to be able to guess your tokens.

@savely-krasovsky
Author

savely-krasovsky commented Jul 16, 2016

@rullzer okay, we can show people some warnings about security and by default set 15.
And I don't understand: if you already create a SHARED link WITHOUT a password, you shouldn't be scared about security... Or should you?.. Sorry, it's illogical to me.

PS. Sorry for my bad English...

@rullzer
Member

rullzer commented Jul 17, 2016

Well a password is yet another thing to distribute.

With 15 tokens you are fairly safe from somebody even finding a link that works. It is all about reducing the attack vector.
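The token-length trade-off argued in this thread, worked through as an added example (not code from the thread or from Nextcloud): it puts the C(n, k) count quoted above beside the n^k count of ordered strings that a per-character random draw produces, and estimates how likely uniform guessing is to hit a live link. The 52-letter alphabet is the thread's figure; the share counts, guess counts and function names are assumptions.

```python
import math
import secrets
import string

# Assumption: the 52-letter alphabet quoted in the thread, not necessarily
# the alphabet Nextcloud itself draws share tokens from.
ALPHABET = string.ascii_letters

def combinations_count(n: int, k: int) -> int:
    """C(n, k) as used in the thread: unordered picks, no repeated letters."""
    return math.comb(n, k)

def token_space(n: int, k: int) -> int:
    """Ordered strings with repetition: what a per-character random draw yields."""
    return n ** k

def hit_probability(space: int, live_shares: int, guesses: int) -> float:
    """Chance that at least one of `guesses` independent uniform guesses
    matches any of `live_shares` valid tokens."""
    per_guess = live_shares / space
    if per_guess >= 1:
        return 1.0
    # log1p/expm1 keep precision when per_guess is far below float epsilon.
    return -math.expm1(guesses * math.log1p(-per_guess))

def expected_guesses(space: int, live_shares: int) -> float:
    """Mean number of uniform guesses before the first valid token is hit."""
    return space / live_shares

def new_token(length: int) -> str:
    """Draw a token from the OS CSPRNG rather than a predictable PRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def compare(lengths, live_shares=10_000, guesses=1_000_000):
    """Rows of (length, C(n,k), n**k, P(hit)) for constructed workload figures."""
    n = len(ALPHABET)
    return [(k, combinations_count(n, k), token_space(n, k),
             hit_probability(token_space(n, k), live_shares, guesses))
            for k in lengths]

if __name__ == "__main__":
    for k, c, space, p in compare([4, 5, 6, 15]):
        print(f"len={k:2d}  C(52,k)={c:>16,}  52^k={space:.3e}  P(hit)={p:.3e}")
    print("sample 15-char token:", new_token(15))
```
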

@savely-krasovsky
Author

savely-krasovsky commented Jul 17, 2016

@rullzer I understand that it's reducing. But it's not the "critical security point", it's just a little plus to security. I think it should be customizable with some warnings. Why do I have to use goo.gl, bit.ly and other such services if I already have a short domain name that is enough for me?

I use Nextcloud with ShareX for quickly creating gifs, screenshots, videos, etc. An indispensable thing (just try!). And I always get those long links! This is the only negative.

@MariusBluem
Member

If you already have a short domain name, https://yourls.org could be a workaround ... this is for hosting your own URL shortener. Maybe you could also develop a proper integration as an app 😉

@rullzer
Member

rullzer commented Jul 17, 2016

I get that it is one of those things that is nice to have, but it is another configuration variable in the matrix. With the potential downside that if people mess up (and people will mess up) exposed data.

I agree with @Mar1u5 that an app that does shortening would be better.

@savely-krasovsky
Author

savely-krasovsky commented Jul 17, 2016

@Mar1u5 thanks for the idea with yourls.org. Just installed it on my server. With ShareX I automated it:
image
