in reply to RE: RE: Re: File Upload Security Question
in thread File Upload Security Question

Personally, I'm inclined not to store the actual file contents in the database, because I feel that it complicates matters. My preference is to store the path to the file in the database, as well as any metadata about that file, then just store the file in the filesystem itself.

When you want to serve a file (I assume you mean over an HTTP connection), you can just set up a script to grab the filename from the db, grab the metadata, etc. I'm pretty sure you could then just issue the correct Content-Type, then open up the file and spit it out to the browser. Be sure to use binmode if you're running on a Windows machine (or one that makes a distinction between text and binary files).

RE: RE: RE: RE: Re: File Upload Security Question
by Ovid (Cardinal) on Jun 12, 2000 at 07:34 UTC
    Well, I can skip binmode as the scripts are running on a Linux box. I'm not sure what you mean by issuing the correct Content-Type. Are you meaning that I need to do that if I serve it from the database? By saving the file directly to a Web-accessible directory, I thought the server would handle that when the users clicked on a link to the file.

    Which raises another question: How do I determine the content-type of an uploaded file? Obviously it's not a simple case of checking the extension (since Macs don't use them).

      > I'm not sure what you mean by issuing the correct
      > Content-Type. Are you meaning that I need to do that
      > if I serve it from the database? By saving the file
      > directly to a Web-accessible directory, I thought the
      > server would handle that when the users clicked on
      > a link to the file.
      No... if you let the webserver handle the file, you should have no problems so long as your mime types are configured properly. I meant if you put the files in a non-web-accessible directory and handled pushing out the files yourself.
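
An added example, not part of the original thread: a minimal Perl CGI script for the approach described in the first post and the last reply, keeping uploads in a non-web-accessible directory and pushing them out yourself with the stored Content-Type. The `%FILES` hash stands in for the database lookup; the storage path, the rows, the `id` parameter and the extra response headers are assumptions made for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for the database table: id => stored path + metadata.
# The directory and both rows are assumptions for this example.
my $STORE = '/var/data/uploads';    # not under the web root
my %FILES = (
    17 => { path => "$STORE/0000017.bin", type => 'image/png',
            name => 'diagram.png' },
    18 => { path => "$STORE/0000018.bin", type => 'application/pdf',
            name => 'report.pdf' },
);

sub fail {
    my ($status) = @_;
    print "Status: $status\r\nContent-Type: text/plain\r\n\r\n$status\n";
    exit 0;
}

# The client supplies only a numeric id, never a path or a file name.
my ($id) = ($ENV{QUERY_STRING} // '') =~ /\Aid=(\d{1,9})\z/
    or fail('400 Bad Request');
my $row = $FILES{$id} or fail('404 Not Found');

open my $fh, '<', $row->{path} or fail('404 Not Found');
binmode $fh;        # no-op on Linux, needed where text and binary differ
binmode STDOUT;

# The original name is user-supplied metadata: reduce it to a safe
# character set before it goes into a response header.
(my $name = $row->{name}) =~ s/[^\w.\-]/_/g;
my $size = -s $fh;

print "Content-Type: $row->{type}\r\n",
      "Content-Length: $size\r\n",
      "Content-Disposition: attachment; filename=\"$name\"\r\n",
      "X-Content-Type-Options: nosniff\r\n\r\n";

# Stream in chunks so a large upload is never held in memory at once.
while (read($fh, my $buf, 65536)) {
    print $buf;
}
close $fh;
```

Because the script maps an id to a path it chose itself at upload time, nothing in the request can steer it to another file on disk.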