• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2882
  • Last Modified:

Storing PDF and WORD docs in MySQL Database

I need to upload pdf and word documents to my web server so that users, once they are logged in, can view them.

I am not sure if stuffing these docs into a MySQL database is the best way to do this or if I should just store the link to the file in the database.

My fear with the second option (just storing the link) is that someone will stumble across the document who is not logged in and, therefore, not authorized to view it.

Is there a way to keep someone from stumbling across these documents?  Should I even be worried about this if I store the docs several directories deep?

Any help would be GREATLY appreciated! Thanks!!
0
biffsmith
Asked:
biffsmith
1 Solution
 
jrb1Commented:
Hi biffsmith,

Yes, that is a difficult issue (file in directory vs. stored in DB).  We have started to store documents directly in the database, and things work pretty well.  Here's an example of code for MySQL:

http://dev.mysql.com/tech-resources/articles/vb-blob-handling.html

Dim rs As  ADODB.Recordset
Set rs = New ADODB.Recordset
Dim mystream As ADODB.Stream
Set mystream = New ADODB.Stream
mystream.Type = adTypeBinary

rs.Open "SELECT * FROM files WHERE 1=0", conn, adOpenStatic, adLockOptimistic
rs.AddNew

We now have an empty recordset (thanks to the WHERE clause) to work with, to which we have added a new row. Next we load a file to add to this recordset using the stream object.

mystream.Open
mystream.LoadFromFile "c:\\myimage.gif"

rs!file_name = "myimage.gif"
rs!file_size = mystream.size
rs!file = mystream.read
rs.Update
mystream.Close
rs.Close
conn.Close

Also a Java program dealing with this:

http://www.informit.com/guides/content.asp?g=java&seqNum=166&rl=1

Regards,
John
0
 
todd_farmerCommented:
One way to prevent direct access to the documents is to provide a proxy application that serves them up.  In Java, for instance, you could store the files to a path outside of the application server (not directly accessible), and when a request is made to a servlet, open the file through an input stream and pipe the bytes out in the response.
0
 
jar3817Commented:
I do something similar for a photo archive at my school. I just keep metadata in mysql like the name, size, dimensions, search keywords, etc. I keep the pictures in the filesystem but use an md5 hash as the filename. The hash is based on the contents of the file itself, so should there ever be a name conflict it means that the file already exists and should not be re-added. The names are also around 25 characters (or so) and are basically random so the chances of someone stumbling on a valid url to a document are slim to none.

I felt this was a better setup than having 1 huge database, but that is just me.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now