Is storing Files (PDF, JPG, ect..) as blobs bad practice? Will it slow down server?
As the title states...
Is storing Files (PDF, JPG, ect..) as blobs bad practice? Will it slow down server? (Microsoft server with MySQl db)
I have a web server with 1000s of PDF files, ranging from 50kb to 20mb and above.
The client wants to store then as blobs, will this hurt server speed?
Is storing Files (PDF, JPG, ect..) as blobs bad practice? Will it slow down server? (Microsoft server with MySQl db)
I have a web server with 1000s of PDF files, ranging from 50kb to 20mb and above.
The client wants to store then as blobs, will this hurt server speed?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I think the better method would be to have a PHP handler which takes a filename. That handler should be behind the secure zone. Put all the PDFs in a directory not under the site's document tree, so they will be unaccessible except through this handler. When the handler is called, simply check for the filename (passed in $_GET), and send it if it exists.
ASKER
im not familar with php handler and just did a google search for them and didnt find anything that semed right.
do you have an example or perhaps know where i can read about them..
all files are uploaded by other users who use the site, they would have to be transfered as they were uploaded to the other area.
Also, don't you think the IIS could do something better and easier using alias's or folder permissions or something
do you have an example or perhaps know where i can read about them..
all files are uploaded by other users who use the site, they would have to be transfered as they were uploaded to the other area.
Also, don't you think the IIS could do something better and easier using alias's or folder permissions or something
How do the users upload the file? How does the site handle the file when it is uploaded? PHP is a server-side language, like ASP. Your app is very likely using PHP or ASP. By handler, I mean a PHP file that just handles data, as opposed to a PHP or HTML page which displays data to the user.
When you say you have a 'secured' area of your site, do you mean it is secured by an application, or by HTTP-based authentication? For example, do you have a login form on your site, or does browsing to the secure area generate a dialog box for login before anything is displayed?
When you say you have a 'secured' area of your site, do you mean it is secured by an application, or by HTTP-based authentication? For example, do you have a login form on your site, or does browsing to the secure area generate a dialog box for login before anything is displayed?
ASKER
the entire site is build by me, using php (i know how to program, i just don't know php terminology) most content is driven by mySQL.
the entire site is secured by php sessions , every page checks for an active session, and you cant get to any page without logging in, each session stores the users ID and security level and you see different menus/content based on that security level
the entire site is secured by php sessions , every page checks for an active session, and you cant get to any page without logging in, each session stores the users ID and security level and you see different menus/content based on that security level
Since your area is secured by the application, basing your security in IIS (via HTTP) is not really a good option. It would require you to duplicate your application's user list in .htpasswd files (or the IIS equivalent...I'm used to working with 'nix). That being the case, I have to stick with my original recommendation.
There may be other options for securing these files through IIS, but I'm not familiar enough with the service to assist. You already closed the question...do you want to explore this further?
There may be other options for securing these files through IIS, but I'm not familiar enough with the service to assist. You already closed the question...do you want to explore this further?
ASKER
Hello,
thanks for your help, i have built a download page which forces the user to download the document and hides the file path.
I actually have another thread open as the files are corrupt when downloaded.
https://www.experts-exchange.com/questions/23555421/php-forcing-document-download-causes-corruption.html?anchorAnswerId=21977473#a21977473
but i think i have some answers.
from the IIS end, the server admins dont really seem to be interested in doing anything, so researching that now appears to be a waste of time
thanks for your help, i have built a download page which forces the user to download the document and hides the file path.
I actually have another thread open as the files are corrupt when downloaded.
https://www.experts-exchange.com/questions/23555421/php-forcing-document-download-causes-corruption.html?anchorAnswerId=21977473#a21977473
but i think i have some answers.
from the IIS end, the server admins dont really seem to be interested in doing anything, so researching that now appears to be a waste of time
ASKER
it is a secure website, yet, if someone who is logged into the secure area, copies and pastes a link from the secure area and emails it out (file path to a PDF file for example) then the person receiving the email has access to the PDF file.
So, one method i was exploring was to possibly embed all the PDF files into the DB as blobs.
I have been told since that it is quite easily for the server admin to set up security in the IIS to prevent that, so im now looking into ways to do that, but it is a bit difficult for me to research as i have no server experience.