<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6000.16809" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>Hi all,<BR><BR>I am working on a forum-like web
application that needs to allow users <BR>to upload and download file
attachments. The application uses Apache <BR>MySql and Perl. A user
would view a topic as a web page, similar to a <BR>Perlmonks node. There
would be links on the web page to any <BR>attachments. The ability to view
a given attachment should be limited <BR>to the user who owns it and the
administrators. Although the server is <BR>Apache, I want to have minimal
reliance on Apache specific features like <BR>URL rewriting, etc.<BR><BR>The
design question I am wondering about is where to store the file
<BR>attachments.<BR><BR>The options that I can think of are:<BR>1) Store the
files in a folder below the apache htdocs directory.<BR>The links would then be
URLS to the actual files. When the user clicks <BR>on a link, the Apache
server and web browser would deal with downloading <BR>or viewing of the
file. This is a simple implementation, the biggest <BR>disadvantage is
that there is no security on the file attachment. I <BR>suppose that you
could add an effective password to the file by <BR>effectively encoding the
password as part of the URL.<BR><BR>2) Store the files as mysql records.<BR>The
CGI application would handle all the fetching and output of the file <BR>data as
well as checking permissions. It would also have to deal with <BR>sending
the appropriate CGI headers. This would make the database a lot <BR>larger
and slow down backup and restore. It would also make it slower <BR>to make
a snapshot and copy of the database for downloading to a <BR>test/development
machine.<BR><BR>3) Store the files in a data directory in the cgi-bin
directory.<BR>The CGI application would handle all the fetching and output of
the file <BR>data as well as checking permissions. It would also have to
deal with <BR>sending the appropriate CGI headers. This would not affect
the size of <BR>the database.<BR><BR>Any comments or suggestions would be
welcome.<BR><BR>Indy Singh<BR>IndigoSTAR Software -- <A
href="http://www.indigostar.com/">www.indigostar.com</A><BR></BODY></HTML>