Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Storing files securely - database or filesystem

Posted on 2016-11-01
3
Medium Priority
?
147 Views
Last Modified: 2016-11-03
Hi all,
I have a system in which trusted users can upload files to a systems.
The two appraochies Im considering are either storing the file data in a table as a blob, then having a PHP script put the file back together when its requested, or having them all stored in a non web accessible folder which is then served by a php script.

In terms of performance, Im guessing the web server option is best, but in terms of security which is best?

Thanks
0
Comment
Question by:Stephen Forlance
3 Comments
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 1000 total points
ID: 41868499
If access to the site is adequately protected, either approach is fine with respect to security.  On the web server, you would put the upload directory outside of the WWW root directory tree.  This would make it possible for your PHP scripts to use the directory, but impossible for a client to write a URL that pointed directly to the files.  The only way to get to the files would be through the PHP scripts that implemented your security protections.

If you're thinking of using the database for file storage, I would urge you to rethink that.  The reasons go to performance and backup.  Both of these factors will be greatly impaired by having large blob columns in a database.
0
 
LVL 36

Assisted Solution

by:Loganathan Natarajan
Loganathan Natarajan earned 500 total points
ID: 41869570
Also, you can think to store the files in Cloud based storage like Amazon EC2 or MS Azure where it gives more security and performance to access the files.
0
 
LVL 60

Assisted Solution

by:Julian Hansen
Julian Hansen earned 500 total points
ID: 41869766
I would look at Amazon S3 - which does provide security. DropBox until recently ran off Amazon.
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like me and like multiple layers of protection, read on!
Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
The viewer will learn how to dynamically set the form action using jQuery.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question