Solved

Storing files securely - database or filesystem

Posted on 2016-11-01
3
90 Views
Last Modified: 2016-11-03
Hi all,
I have a system in which trusted users can upload files to a systems.
The two appraochies Im considering are either storing the file data in a table as a blob, then having a PHP script put the file back together when its requested, or having them all stored in a non web accessible folder which is then served by a php script.

In terms of performance, Im guessing the web server option is best, but in terms of security which is best?

Thanks
0
Comment
Question by:Stephen Forlance
3 Comments
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 41868499
If access to the site is adequately protected, either approach is fine with respect to security.  On the web server, you would put the upload directory outside of the WWW root directory tree.  This would make it possible for your PHP scripts to use the directory, but impossible for a client to write a URL that pointed directly to the files.  The only way to get to the files would be through the PHP scripts that implemented your security protections.

If you're thinking of using the database for file storage, I would urge you to rethink that.  The reasons go to performance and backup.  Both of these factors will be greatly impaired by having large blob columns in a database.
0
 
LVL 36

Assisted Solution

by:Loganathan Natarajan
Loganathan Natarajan earned 125 total points
ID: 41869570
Also, you can think to store the files in Cloud based storage like Amazon EC2 or MS Azure where it gives more security and performance to access the files.
0
 
LVL 51

Assisted Solution

by:Julian Hansen
Julian Hansen earned 125 total points
ID: 41869766
I would look at Amazon S3 - which does provide security. DropBox until recently ran off Amazon.
0

Featured Post

Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

Join & Write a Comment

This article discusses how to create an extensible mechanism for linked drop downs.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now