In my application, I have a provision for users to upload files like doc, xls, zip, etc. I would like to know how to store these files on my website and have only restricted people access them. I may have a group of people and let only this group access those uploaded files. I know that some may try to just copy the link to the document or the file and pass it to another (non-permitted) user and they can download it. So how can I prevent it? How can I check if the request to download the file was made by a legitimate user who has access to the file? The usernames of the group members are stored in the database along with the document name and location in the database so they can access it. But how do I prevent non-permitted users from being able to access that confidential data in all ways?
With the above in mind, how do I store these documents? Do I store the documents in a blob column in the database or just let users upload to a folder and merely store the path to the file in the database? The security of the documents is of utmost importance. So any procedure that could facilitate this feature would definitely help. I am not into Object Oriented programming so if you have simpler code that you would like to share with me, I would greatly appreciate it.
Also how do I archive documents that are old? Like say there are documents that are 1 year old and I want to conserve my website space by archiving them but still make them available to the user when they need it. How do I go about this?
Thank you.
Store them as a BLOB in the database. That way you can associate files to user groups and have security restrictions as you would normally do with users-related websites.
Decided to throw in an answer anyhow ;)
Here's a simple, but I think useful (haven't used it myself, just quickly found it for you) guide to uploading and downloading files to/from databases.
The uploading part of it looks good, but don't use the part of the download section that wants to echo links to the files - I don't think that's what you want. Echo the file contents immediately instead as the tutorial also describes, remembering to set the header.
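The approach in the answers above (file bytes in a BLOB column, group membership checked on every download request, contents sent directly with the headers set instead of a link to the file), as an added example that is not from either answer or the linked guide. It uses Python with an in-memory SQLite database; the table, column, function and user names and the sample data are constructed assumptions.

```python
import sqlite3

# Constructed schema and sample data; every table, column and user name is an assumption.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE documents (id INTEGER PRIMARY KEY, group_id INTEGER NOT NULL,
                                filename TEXT NOT NULL, mime TEXT NOT NULL,
                                content BLOB NOT NULL);
        CREATE TABLE group_members (group_id INTEGER NOT NULL, username TEXT NOT NULL,
                                    PRIMARY KEY (group_id, username));
    """)
    db.execute("INSERT INTO group_members VALUES (1, 'alice')")
    db.execute("INSERT INTO group_members VALUES (2, 'bob')")
    db.execute("INSERT INTO documents VALUES (10, 1, 'budget.xls', "
               "'application/vnd.ms-excel', ?)", (b"constructed spreadsheet bytes",))
    return db

def download(db, session_user, doc_id):
    """Return (status, headers, body) for a download request.

    session_user must come from the server-side login session, never from a
    request parameter. The membership test is part of the query, so a copied
    link only works for someone who is in the document's group.
    """
    if session_user is None:
        return 401, {}, b""
    row = db.execute(
        """SELECT d.filename, d.mime, d.content
             FROM documents d
             JOIN group_members m ON m.group_id = d.group_id
            WHERE d.id = ? AND m.username = ?""",
        (doc_id, session_user),
    ).fetchone()
    if row is None:
        # Same response for "no such document" and "not permitted", so the
        # reply does not reveal which document ids exist.
        return 404, {}, b""
    filename, mime, content = row
    # Drop characters that could break out of the quoted header value.
    safe_name = "".join(c for c in filename if c.isalnum() or c in "._- ")
    headers = {
        "Content-Type": mime,
        "Content-Length": str(len(content)),
        "Content-Disposition": 'attachment; filename="%s"' % safe_name,
        "X-Content-Type-Options": "nosniff",
        "Cache-Control": "private, no-store",
    }
    return 200, headers, content
```

Because the bytes are only ever produced by `download`, there is no file URL to pass around: the same request made from another account's session gets the 404 branch.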