diff --git a/storage/filesystem.go b/storage/filesystem.go
index f9bf934..e37a210 100644
--- a/storage/filesystem.go
+++ b/storage/filesystem.go
@@ -45,8 +45,8 @@ func (b *filesystemBackend) pathForContext(ctx context.Context) (string, error)
 	if !ok {
 		panic("Invalid data in auth context!")
 	}
-	//TODO sanitize user name or at least check if valid dir name?
-	path := filepath.Join(b.path, authCtx.UserName)
+	userDir := base64.RawStdEncoding.EncodeToString([]byte(authCtx.UserName))
+	path := filepath.Join(b.path, userDir)
 
 	_, err := os.Stat(path)
 	if os.IsNotExist(err) {