All geek questions in one place

Where to store user uploaded files in asp.net MVC 4 webapp?

Im creating an MVC4 application using a separate multi-user database architecture. Customers also have the ability to upload files (mainly 1-5 MB, text files / documents).

I came to the conclusion that it is better to store files in the file system, storing metadata in the database (a separate folder for each client), however I do not know where to store the files. Does MVC have special places for this? Or should I just create a folder on the server somewhere.

And does it create folders like this by default?

Thanks!

+6
source share
2 answers

Well, I would like to advise the following: Gitzerai has already thought about a lot.

Gitzerai, you may find here something that you missed when creating a solution for your applications.

Anyway,

you can upload files to the file system, but there are a few things you need to follow.

  • Make sure that the account running the IIS application pool has only read and write permissions to this folder and is not executed under any circumstances

  • Check file extension and ban and executable files (.exe, .dll, etc.)

  • Store files without the extension or with some extension .zzz just in case. When a user needs to download a file, you can dynamically set it to the original extension

  • Use only one folder to store all manually created files. Avoid creating dynamically dynamic folders if they are not needed.

  • Create a separate application that will sometimes perform integrity checks on records in database files and files in the file system.

+8
source

Personally, I would say that such a solution should be based on your application requirements.

When I create a simple downloadable application, I always use DB = metadata; File itself = file system, since I have a module that I implement for each application like this, and this is a simple approach to the approach. This can lead to security problems, especially with an access server for several users / applications, where the β€œfolder access” security should be maintained at the root folder level with strictly defined permissions (not chmod 777 all :-)) So far I have not had one question with this approach. External access is associated with an external guid for a specific file.

For a multi-tenant environment, my file databases (or s, I call them media databases) also contain the CDN URL, that is, the server address that physically hosts the file, and the file is served by HttpHandler. Again, I can imagine a safer and more flexible way, but so far this has never failed me, and I know about the problems that he supports in this solution, and I'm fine with that.

But since this is an interesting topic for me, I would love to hear if someone offers other solutions when it comes to registration.

+4
source

Source: https://habr.com/ru/post/956081/

More articles:


All Articles