 |
 |
 |
 |
|
|
Date: 08/31/99
- Next message: Jason Brooke: "Re: [PHP3] CGI Error"
- Previous message: Rasmus Lerdorf: "Re: [PHP3] CGI Error"
- Next in thread: se <email protected>: "Re: [PHP3] Uploaded files stored in Database or Filesystem?"
- Reply: se <email protected>: "Re: [PHP3] Uploaded files stored in Database or Filesystem?"
- Maybe reply: christopher wright: "Re: [PHP3] Uploaded files stored in Database or Filesystem?"
- Reply: Rasmus Lerdorf: "Re: [PHP3] Uploaded files stored in Database or Filesystem?"
- Maybe reply: Cameron Just: "Re: [PHP3] Uploaded files stored in Database or Filesystem?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
Say you have 1000+ users and they need to have the ability to upload and keep files on the server.
They would all have a certain quota of files stored on the server.
Now the big question is do I store them in the database or on the server.
Keeping in mind that users are authenticating not via header auth's(ie No authenticated Realms invovled).
They login via a form on a webpage. They are then issued a unique key which travels with them from page to page until they logout. Without this key they have no access to the system.(Don't concern with the security it is covered)
Now if I store the files in the filesystem they will be vulnerable to access by anyone.
Because
1) I never authenticate people to a realm. They are verified only by their unique key which travels in post and get variables. So there can be no .htaccess type protection on directories/files.
Plus I can't guarantee that the system will be running on a php module.
2) The files would have to be stored in the webtree to be visible via the web to the user.
But if I store them in the database they have the potential to slow down or crash the mysql server. As I have experienced with large files.
I used to see these messages going through the list a while back and I was of the impression that they should be stored in the filesystem. But now that I am in this predicament I am not sure of the proper solution.
I have checked the mail archives but only found peoples preference for one method or another.
No one seems to discuss the security of files issue.
Lastly.
If was to restrict users to a certain quota of files which would be easier for php to keep track of database or filesystem storage?
*************************************************************************
Cameron Just (C.Just <email protected>)
Web Development Unit
Information Technology Services
University of Queensland, St Lucia
(07) 3365 1598
*************************************************************************
-- PHP 3 Mailing List <http://www.php.net/> To unsubscribe, send an empty message to php3-unsubscribe <email protected> To subscribe to the digest, e-mail: php3-digest-subscribe <email protected> To search the mailing list archive, go to: http://www.php.net/mailsearch.php3 To contact the list administrators, e-mail: php-list-admin <email protected>
- Next message: Jason Brooke: "Re: [PHP3] CGI Error"
- Previous message: Rasmus Lerdorf: "Re: [PHP3] CGI Error"
- Next in thread: se <email protected>: "Re: [PHP3] Uploaded files stored in Database or Filesystem?"
- Reply: se <email protected>: "Re: [PHP3] Uploaded files stored in Database or Filesystem?"
- Maybe reply: christopher wright: "Re: [PHP3] Uploaded files stored in Database or Filesystem?"
- Reply: Rasmus Lerdorf: "Re: [PHP3] Uploaded files stored in Database or Filesystem?"
- Maybe reply: Cameron Just: "Re: [PHP3] Uploaded files stored in Database or Filesystem?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]