Solved

Storing files securely - database or filesystem

Posted on 2016-11-01
3
142 Views
Last Modified: 2016-11-03
Hi all,
I have a system in which trusted users can upload files to a systems.
The two appraochies Im considering are either storing the file data in a table as a blob, then having a PHP script put the file back together when its requested, or having them all stored in a non web accessible folder which is then served by a php script.

In terms of performance, Im guessing the web server option is best, but in terms of security which is best?

Thanks
0
Comment
Question by:Stephen Forlance
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 110

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 41868499
If access to the site is adequately protected, either approach is fine with respect to security.  On the web server, you would put the upload directory outside of the WWW root directory tree.  This would make it possible for your PHP scripts to use the directory, but impossible for a client to write a URL that pointed directly to the files.  The only way to get to the files would be through the PHP scripts that implemented your security protections.

If you're thinking of using the database for file storage, I would urge you to rethink that.  The reasons go to performance and backup.  Both of these factors will be greatly impaired by having large blob columns in a database.
0
 
LVL 36

Assisted Solution

by:Loganathan Natarajan
Loganathan Natarajan earned 125 total points
ID: 41869570
Also, you can think to store the files in Cloud based storage like Amazon EC2 or MS Azure where it gives more security and performance to access the files.
0
 
LVL 58

Assisted Solution

by:Julian Hansen
Julian Hansen earned 125 total points
ID: 41869766
I would look at Amazon S3 - which does provide security. DropBox until recently ran off Amazon.
0

Featured Post

Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
A look at what happened in the Verizon cloud breach.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question