tags:

views:

274

answers:

2
+4  Q: 

Best practices for storing uploaded files in filesystem

What is the best practices regarding storing files uploaded from users?

Currently, I am during the following method for storing files:

<web_app_root>/course_material/<term_id>/<course_id>/<file_id>

As you can see, the files are stored according to the keys in the database. I thought this was safer, since I wouldn't have to filter filenames and turn unsafe characters into safe characters.

However, I am starting a new project and wanted to know if it was a bad idea to tie a web app's filesystem so closely with a database. Should I store files in a more human readable format?

<web_app_root>/course_material/<term_name_underscored>/<course_name_underscored>/<file_name_underscored>

If so, what are the best ways to filter out filenames to be safe? Or is the way I am currently doing it a best practice?

+1  A: 

I've always just stored the files in a directory with unique GUID based filenames, and mapped the guid to the file in the DB. As long as you're not manually browsing the files and such, this is probably the easiest solution (also gets around invalid chars).

Another option is storing them as BLOBS in the database. I've also done this - but it was to fill a replicated DR scenario, which modern NAS devices should handle.

If you see the need to manually browse the files outside of the app for some reason, then using the long or short name (however you'd like to browse them) would be cleaner.

TheSoftwareJedi  2008-12-01 19:15:20
A: 

I suggest you to take then out of the web_app_root.

I like the way you're doing in the first example.

 2008-12-01 19:27:35
As long as the file directory is out of the htdocs directory, everything should be fine right? I just want to keep everything related to a specific project in its own directory.
rlorenzo  2008-12-02 01:23:37
Indeed talking about security. But a separated disc is the better solution imho.
 2008-12-03 15:51:10

related questions

How do I check if a file exists using Python?
What is the Bash command to create a hardlink to a directory in OS X?
File storing strategies for a web hosting website
what is the difference between file modification time and file changed time?
Bursty writes to SD/USB stalling my time-critical apps on embedded Linux
Is it possible to offline a disk in a raidz zfs pool?
Does Java impose any further restrictions on filenames other than the underlying operating system?
Getting Information From Master File Table on Windows
File system info - how to query it?
How to see if a subfile of a directory has changed
Files on Windows and Contiguous Sectors
Unmovable Files on Windows XP
Physical Sectors Used by File on Windows XP
Copy a file without using the windows file cache
What steps can I give a windows user to make a given file writeable
What makes the Unix file system more superior to the Windows file system?
Monitoring files - how to know when a file is complete
Get `df` to show updated information on FreeBSD
C++ : Opening a file in non exclusive mode
How do I read in the contents of a directory in Perl?
Cross platform file-access tracking
'lsof' equivalent for windows
Storing a file in a database as opposed to the file system?
What is a better file copy alternative than the Windows default?
How do I delete a file which is locked by another process in C#?