Re: [PHP3] Uploaded files stored in Database or Filesystem? From: christopher wright (chris <email protected>)
Date: 08/31/99

What about using <file xyz> limits in .htaccess / httpd.conf ? Limits
display in the browser from direct calls by users, but allows php to access
and display.

Christopher

-----Original Message-----
From: Cameron Just <ccjust <email protected>>
To: php3 <email protected> <php3 <email protected>>
Date: 31 August 1999 06:58
Subject: [PHP3] Uploaded files stored in Database or Filesystem?

>Hi,
>
>Say you have 1000+ users and they need to have the ability to upload and
keep files on the server.
>They would all have a certain quota of files stored on the server.
>Now the big question is do I store them in the database or on the server.
>
>Keeping in mind that users are authenticating not via header auth's(ie No
authenticated Realms invovled).
>They login via a form on a webpage. They are then issued a unique key which
travels with them from page to page until they logout. Without this key they
have no access to the system.(Don't concern with the security it is covered)
>
>Now if I store the files in the filesystem they will be vulnerable to
access by anyone.
>Because
>1) I never authenticate people to a realm. They are verified only by their
unique key which travels in post and get variables. So there can be no
.htaccess type protection on directories/files.
>Plus I can't guarantee that the system will be running on a php module.
>2) The files would have to be stored in the webtree to be visible via the
web to the user.
>
>
>But if I store them in the database they have the potential to slow down or
crash the mysql server. As I have experienced with large files.
>
>
>I used to see these messages going through the list a while back and I was
of the impression that they should be stored in the filesystem. But now that
I am in this predicament I am not sure of the proper solution.
>I have checked the mail archives but only found peoples preference for one
method or another.
>No one seems to discuss the security of files issue.
>
>Lastly.
>
>If was to restrict users to a certain quota of files which would be easier
for php to keep track of database or filesystem storage?
>
>
>
>*************************************************************************
>Cameron Just (C.Just <email protected>)
>
>Web Development Unit
>Information Technology Services
>University of Queensland, St Lucia
>
>(07) 3365 1598
>*************************************************************************
>
>--
>PHP 3 Mailing List <http://www.php.net/>
>To unsubscribe, send an empty message to php3-unsubscribe <email protected>
>To subscribe to the digest, e-mail: php3-digest-subscribe <email protected>
>To search the mailing list archive, go to:
http://www.php.net/mailsearch.php3
>To contact the list administrators, e-mail: php-list-admin <email protected>
> 

-- 
PHP 3 Mailing List <http://www.php.net/>
To unsubscribe, send an empty message to php3-unsubscribe <email protected>
To subscribe to the digest, e-mail: php3-digest-subscribe <email protected>
To search the mailing list archive, go to: http://www.php.net/mailsearch.php3
To contact the list administrators, e-mail: php-list-admin <email protected>