Security with respect to folder naming and UserId


#1

I’m creating a site where users can upload artwork which other users can view and add comments. I’m currently using Slingshot to upload images to S3 and it works great. I’m trying to figure out the best practices for naming and folder structure on S3. I was thinking each user could have a folder named with their Meteor UserId and it would hold all their uploaded files. This would be very easy to implement and would simplify maintenance.

Is this a security issue because other users could see the UserId when they inspected an image’s source? Also are there any performance issues if an S3 folder has too many files?