[tpm] Where to store file attachments

Liam R E Quin liam at holoweb.net
Mon Mar 23 16:52:35 PDT 2009

On Mon, 2009-03-23 at 15:32 -0400, Indy Singh wrote:
> The design question I am wondering about is where to store the file 
> attachments.
> The options that I can think of are:
> 1) Store the files in a folder below the apache htdocs directory.
> The links would then be URLS to the actual files.  When the user
> clicks 
> on a link, the Apache server and web browser would deal with
> downloading 
> or viewing of the file.  This is a simple implementation, the biggest 
> disadvantage is that there is no security on the file attachment.  I 
> suppose that you could add an effective password to the file by 
> effectively encoding the password as part of the URL.
You can also use .htaccess to prevent access to the files by http.

> 2) Store the files as mysql records.
Don't do this :)

> 3) Store the files in a data directory in the cgi-bin directory.
The cgi-bin directory is presumably  in the apache filespace somewhere,
so this is really the same as (1).

But it is the variant I'd use myself.  the CGI script (and/or a
cron job) can manage a cache and remove outdated files, too.


Liam Quin - XML Activity Lead, W3C, http://www.w3.org/People/Quin/
Pictures from old books: http://fromoldbooks.org/
Ankh: irc.sorcery.net irc.gnome.org www.advogato.org

More information about the toronto-pm mailing list