Link to home
Start Free TrialLog in
Avatar of biffsmith
biffsmith

asked on

Storing PDF and WORD docs in MySQL Database

I need to upload pdf and word documents to my web server so that users, once they are logged in, can view them.

I am not sure if stuffing these docs into a MySQL database is the best way to do this or if I should just store the link to the file in the database.

My fear with the second option (just storing the link) is that someone will stumble across the document who is not logged in and, therefore, not authorized to view it.

Is there a way to keep someone from stumbling across these documents?  Should I even be worried about this if I store the docs several directories deep?

Any help would be GREATLY appreciated! Thanks!!
ASKER CERTIFIED SOLUTION
Avatar of jrb1
jrb1
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
One way to prevent direct access to the documents is to provide a proxy application that serves them up.  In Java, for instance, you could store the files to a path outside of the application server (not directly accessible), and when a request is made to a servlet, open the file through an input stream and pipe the bytes out in the response.
Avatar of jar3817
jar3817

I do something similar for a photo archive at my school. I just keep metadata in mysql like the name, size, dimensions, search keywords, etc. I keep the pictures in the filesystem but use an md5 hash as the filename. The hash is based on the contents of the file itself, so should there ever be a name conflict it means that the file already exists and should not be re-added. The names are also around 25 characters (or so) and are basically random so the chances of someone stumbling on a valid url to a document are slim to none.

I felt this was a better setup than having 1 huge database, but that is just me.