Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.The Open Worldwide Application Security Project, aka OWASP recommends in its File Upload Cheat Sheet that files uploaded to web applications are renamed by the application.
This module does that.
Features
This module renames all uploaded files to a random string comprised of characters a-z and 0-9.
The original extension will be kept.
Post-Installation
No post-installation configuration is necessary. Any files uploaded after the module is installed will be renamed.
Additional Requirements
None.
Recommended modules/libraries
None.
Similar projects
File (Field) Paths can be used with Token to randomize the names of files uploaded to file fields. However, it does not provide a mechanism for files uploaded via other mechanisms, for example via CKEditor into a rich text field.
Supporting organizations:
Initial development of module
Project information
- Project categories: Security
- Ecosystem: Security
16 sites report using this module- Created by eli-t on , updated
Stable releases for this project are covered by the security advisory policy.
Look for the shield icon below.
