[tpm] Where to store file attachments

Indy Singh indy at indigostar.com
Mon Mar 23 12:32:42 PDT 2009 

Hi all,

I am working on a forum-like web application that needs to allow users 
to upload and download file attachments.  The application uses Apache 
MySql and Perl.  A user would view a topic as a web page, similar to a 
Perlmonks node.  There would be links on the web page to any 
attachments.  The ability to view a given attachment should be limited 
to the user who owns it and the administrators.  Although the server is 
Apache, I want to have minimal reliance on Apache specific features like 
URL rewriting, etc.

The design question I am wondering about is where to store the file 
attachments.

The options that I can think of are:
1) Store the files in a folder below the apache htdocs directory.
The links would then be URLS to the actual files.  When the user clicks 
on a link, the Apache server and web browser would deal with downloading 
or viewing of the file.  This is a simple implementation, the biggest 
disadvantage is that there is no security on the file attachment.  I 
suppose that you could add an effective password to the file by 
effectively encoding the password as part of the URL.

2) Store the files as mysql records.
The CGI application would handle all the fetching and output of the file 
data as well as checking permissions.  It would also have to deal with 
sending the appropriate CGI headers.  This would make the database a lot 
larger and slow down backup and restore.  It would also make it slower 
to make a snapshot and copy of the database for downloading to a 
test/development machine.

3) Store the files in a data directory in the cgi-bin directory.
The CGI application would handle all the fetching and output of the file 
data as well as checking permissions.  It would also have to deal with 
sending the appropriate CGI headers.  This would not affect the size of 
the database.

Any comments or suggestions would be welcome.

Indy Singh
IndigoSTAR Software -- www.indigostar.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.pm.org/pipermail/toronto-pm/attachments/20090323/2b507d29/attachment.html>

More information about the toronto-pm mailing list