Don't use true filenames on your server
In a recent meeting with the Dokeos 2.0 team, I realized that sometimes things are not quite evident. One of these cases that can only be understood with experience is that there's no use in allowing a user to upload files and keep the true filenames on the server's disk. In fact, it is quite a bigger problem to do that instead of changing the filenames and storing files as hashes.