in reply to Designing storage of uploaded files

With thousands of potential users uploading files to a common area, you will run into collisions. Why not allow them to have their own directory (that is their user name) and store their files there. Personally, i don't like BLOBS - just use the filesystem. I would adopt the system that PAUSE uses for colliding file names as well:
Please, make sure your filename contains a version number. For security reasons you will never be able to upload a file with the same name again (not even after deleting it).
Sounds a lot easier than trying to juggle cats, which is what you might end up doing with the system you propose.

UPDATE (10 or so hours later) ...

Last night in the CB we discussed this further and you mentioned that your site does not currently offer users to register for accounts. If it were up to me, i would concentrate on getting user accounts up and running first. Here is why:

First, it's not that hard. maverick, JackHammer, bliz, and myself (under the management of eduardo) built an authentication site (that also offered customizable authorization) in 3 days using nothing but CPAN modules from the Apache::Auth family. It is not that hard and does not take a terribly long time to do. (And to be honest, instead of that, i would consider using a content management tool such as Slash or even PostNuke.)

Second, you mentioned that you plan on adding this functionality at a later point in time. Why not do it now? This is something i keep asking you time and time again. Why not do it now? What is going to happen to this system when you do add users to your site? You are going to have to modify your file upload code to accomodate them. Why not just do it now? I have witnessed your frustration at trying to port your existing CGI apps over to Apache::Registry when kind folks here at PM suggested you go straight to mod_perl. In the time it took you to work out countless bugs (and claim that the tool was broken) you could have first done some research and testing with smaller 'Hello world' type examples and had you site running under a more robust system. I have witnessed your frustration trying to coax CGI into output the HTML you wanted when i myself kept recommending a templating solution. In the time it took you to work out the kinks and intricacies of CGI.pm, you could have done a little homework and been up and running with HTML::Template, a little more and you could already have had site running with TT2. I recommend you drop this file upload feature and add users instead. It will be time well spent.

So, is there anything wrong with allowing anonymous users to upload files to your site? Of course not, not with the proper precautions. But, you are making more work for yourself in the long run, and you not practicing the art of True Laziness. I wish you well and hope your site is a success.

jeffa

L-LL-L--L-LL-L--L-LL-L--
-R--R-RR-R--R-RR-R--R-RR
B--B--B--B--B--B--B--B--
H---H---H---H---H---H---
(the triplet paradiddle with high-hat)
  • Comment on (jeffa) Re: Designing storage of uploaded files

In Section Seekers of Perl Wisdom