Results 1 to 13 of 13
-
11-05-2006, 05:45 AM #1Web Hosting Master
- Join Date
- Nov 2005
- Location
- USA
- Posts
- 884
save pdf files into mysql!!! is that possible
Can you save pdf files into mysql!!! is that possible?
Is this secure? is it better than having an fread from a none accessible file location to retreive files from?GS RichCopy 360 Enterprise - Voted #1 for data migration and replication in terms of performance and features. Replicate data across between servers in the same network, WAN, or even across the internet - Many customer call it RSync for Windows
-
11-05-2006, 06:14 AM #2Web Hosting Master
- Join Date
- Aug 2005
- Location
- UK
- Posts
- 654
Its very possiable, you could use a BLOB data type. Its not a good idea though, prefomance would be teriable.
It would be a better to store the path to a file in the MySQL table and have php read and output that file. Even better you could make a Rewrite map files and have php add and remove entrys, that is really only worth it if you have a lot of trafic on these files though.
-
11-05-2006, 10:48 AM #3Web Hosting Master
- Join Date
- Mar 2006
- Posts
- 984
By storing it's filename into your mySQL database table name, it should be secured enough to retrieve it when needed. However, if you're looking for to retrieve your PDF filename under a secured method, I'd recommend masking your dir names under queries. The only disadvantage is that it's using a little bit more PHP ressources. Althought, it does save you lots of trouble.
-
11-05-2006, 12:39 PM #4Web Hosting Master
- Join Date
- Nov 2001
- Location
- Vancouver
- Posts
- 2,422
Storing PDF files in a database is possible, but I wouldn't unless you have a very good reason to do so. Merely asking the question suggests you do not.
“Even those who arrange and design shrubberies are under
considerable economic stress at this period in history.”
-
11-05-2006, 01:26 PM #5Web Hosting Master
- Join Date
- Nov 2005
- Location
- USA
- Posts
- 884
thank you all.... So I think this is what I will do:
1) save the files away from the public html.
2) save the location to the files in mysql
3) php will get the file location and read it.
(this is secure correct?GS RichCopy 360 Enterprise - Voted #1 for data migration and replication in terms of performance and features. Replicate data across between servers in the same network, WAN, or even across the internet - Many customer call it RSync for Windows
-
11-05-2006, 01:38 PM #6Web Hosting Master
- Join Date
- Nov 2001
- Location
- Vancouver
- Posts
- 2,422
Yes, that's a secure APPROACH.
But whether the end result is secure depends on your IMPLEMENTATION.
Be particularly careful about how you deal with path names, particularly if user input is used to construct them in any way. You don't want to open up the possibility for a malicious user to add, for example, something like this '../../../' into a path, or '/etc/passwd;'.
Just keep security in mind when designing your system and coding it.“Even those who arrange and design shrubberies are under
considerable economic stress at this period in history.”
-
11-05-2006, 03:04 PM #7Web Hosting Master
- Join Date
- Nov 2005
- Location
- USA
- Posts
- 884
the links will be provided to the user..... the user will have no input as far as file locations.... the only input is username and password
GS RichCopy 360 Enterprise - Voted #1 for data migration and replication in terms of performance and features. Replicate data across between servers in the same network, WAN, or even across the internet - Many customer call it RSync for Windows
-
11-06-2006, 10:29 AM #8Web Hosting Master
- Join Date
- Aug 2005
- Location
- UK
- Posts
- 654
Originally Posted by ITAhmed
-
11-06-2006, 11:49 AM #9Web Hosting Master
- Join Date
- Nov 2005
- Location
- USA
- Posts
- 884
MySQL would not be exposed to the internet... only the webserver has access to it
GS RichCopy 360 Enterprise - Voted #1 for data migration and replication in terms of performance and features. Replicate data across between servers in the same network, WAN, or even across the internet - Many customer call it RSync for Windows
-
11-06-2006, 12:09 PM #10Web Hosting Master
- Join Date
- Aug 2005
- Location
- UK
- Posts
- 654
I didn't mean people could connect to your database. What I mean was if the links you make are like https://yourdoamin/getfile.php?id=Bob'sfile.
Any one could request that URL, if you told them the URL or not. Your getfile.php needs to validate requests as well as the PHP file that generates these links.
You have to think about every posiablity with systems like these.
-
11-06-2006, 12:16 PM #11Web Hosting Master
- Join Date
- Nov 2005
- Location
- USA
- Posts
- 884
Oh I see.... I have found a better way.... I was going to have pre-select buttons that would do a post call as opposed to a get action. that would be safer.... you agree?
GS RichCopy 360 Enterprise - Voted #1 for data migration and replication in terms of performance and features. Replicate data across between servers in the same network, WAN, or even across the internet - Many customer call it RSync for Windows
-
11-06-2006, 12:32 PM #12Web Hosting Master
- Join Date
- Aug 2005
- Location
- UK
- Posts
- 654
As long as all the scripts validate the clients identity then ethier method would be safe. Without that step your method would still be "unsafe".
-
11-06-2006, 12:40 PM #13Web Hosting Master
- Join Date
- Nov 2005
- Location
- USA
- Posts
- 884
Certainly. Identity checked on all pages.
GS RichCopy 360 Enterprise - Voted #1 for data migration and replication in terms of performance and features. Replicate data across between servers in the same network, WAN, or even across the internet - Many customer call it RSync for Windows