[tpm] Where to store file attachemnts

Adam Prime adam.prime at utoronto.ca
Mon Mar 23 14:26:57 PDT 2009


I'd suggest not putting them in the database.  I personally would 
probably put them in a normal directory on the site, not in cgi-bin. 
It'd probably be wise to make the directory configurable.  At most i'd 
include a path to the file in the DB, but if possible, i'd actually 
rename all the files into a naming convention that identifies what they 
are associated with.

here's a link to a somewhat related thread on the mod_perl mailing list:

http://marc.info/?t=122271515400003&r=1&w=2

which might be worth a read.  It's about images, but it applies to any 
sort of binary you might be thinking of stuffing into a blob.

Adam

Indy Singh wrote:
> Hi all,
> 
> I am working on a forum-like web application that needs to allow users 
> to upload and download file attachments.  The application uses Apache 
> MySql and Perl.  A user would view a topic as a web page, similar to a 
> Perlmonks node.  There would be links on the web page to any 
> attachments.  The ability to view a given attachment should be limited 
> to the user who owns it and the administrators.  Although the server is 
> Apache, I want to have minimal reliance on Apache specific features like 
> URL rewriting, etc.
> 
> The design question I am wondering about is where to store the file 
> attachments.
> 
> The options that I can think of are:
> 1) Store the files in a folder below the apache htdocs directory.
> The links would then be URLS to the actual files.  When the user clicks 
> on a link, the Apache server and web browser would deal with downloading 
> or viewing of the file.  This is a simple implementation, the biggest 
> disadvantage is that there is no security on the file attachment.  I 
> suppose that you could add an effective password to the file by 
> effectively encoding the password as part of the URL.
> 
> 2) Store the files as mysql records.
> The CGI application would handle all the fetching and output of the file 
> data as well as checking permissions.  It would also have to deal with 
> sending the appropriate CGI headers.  This would make the database a lot 
> larger and slow down backup and restore.  It would also make it slower 
> to make a snapshot and copy of the database for downloading to a 
> test/development machine.
> 
> 3) Store the files in a data directory in the cgi-bin directory.
> The CGI application would handle all the fetching and output of the file 
> data as well as checking permissions.  It would also have to deal with 
> sending the appropriate CGI headers.  This would not affect the size of 
> the database.
> 
> Any comments or suggestions would be welcome.
> 
> Indy Singh
> IndigoSTAR Software -- www.indigostar.com
> 
> _______________________________________________
> toronto-pm mailing list
> toronto-pm at pm.org
> http://mail.pm.org/mailman/listinfo/toronto-pm



More information about the toronto-pm mailing list