asp_databases thread: ASP Uploading... and Deleting.


Message #1 by "Sebastian Pittari" <mailing@3...> on Tue, 26 Sep 2000 13:23:04 -0300
Hi,

I have an ASP app that makes the uploading of imgs (gif or jpg) to the server.
Now, the app puts the imgs in a folder of the harddisk. But I have now to add the delete feature. I was planning to use xp_cmdshell or CommandShellWithResults method... but I am concerned about the security issues of it.

I was thinking, maybe, put the imgs in the tables of my database, this overrides my file system access security concern... but moves it to the table data consistency... I could create a dedicated table only for the binary img data... and then manage deleting imgs from SQL itself.

What would be your advice, depending on your expertise? Should I use access to the OpSys or stay in the SQL boundaries?

Thanks.

Sebs.

Message #2 by Imar Spaanjaars <Imar@S...> on Tue, 26 Sep 2000 20:07:35 +0200
How about a combination of this solution?

Here is a (common, I guess) scenario:

Store the location of the file in a column of your table, and save the image (or any other file) to disk in a directory outside the webroot.
The advantage of this, is that you don't have to do some complicated BLOB stuff. Just save the file, and add a reference to it in your database.

When the time has come to delete it, use the path in the database to decide whether your user has rights to delete it.
If he/she does, you could use the FileSystemObject to delete the file. For this to work, all you have to do is give the IUSR_Machine name access to the folder ("change-rights" may be enough).

This solution saves you from a lot of trouble, while maintaining maximum security.

Imar

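The delete flow described in Message #2, written out as an added example in classic ASP (VBScript); it is not code from the original thread. The `Images` table and its columns, `UPLOAD_ROOT`, `Application("ConnStr")` and `Session("UserId")` are assumed names, and `OwnerId` is assumed to be numeric.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit
' Assumed names: UPLOAD_ROOT, Images(ImageId, OwnerId, StoredName),
' Application("ConnStr"), Session("UserId").
Const UPLOAD_ROOT = "D:\appdata\uploads"   ' outside the webroot; IUSR has Change on this folder only
Const adInteger = 3, adParamInput = 1, adCmdText = 1

Dim re, imageId, cmd, rs, storedName, fso, rootPath, fullPath

' 1. The client sends a record id, never a file name or path.
Set re = New RegExp
re.Pattern = "^\d{1,9}$"
If Not re.Test(Request.Form("id") & "") Then
    Response.Status = "400 Bad Request" : Response.End
End If
imageId = CLng(Request.Form("id"))

' 2. Ownership check: the row is only found if it belongs to the logged-in user.
Set cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = Application("ConnStr")
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT StoredName FROM Images WHERE ImageId = ? AND OwnerId = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , imageId)
cmd.Parameters.Append cmd.CreateParameter("owner", adInteger, adParamInput, , CLng(Session("UserId")))
Set rs = cmd.Execute
If rs.EOF Then
    Response.Status = "404 Not Found" : Response.End
End If
storedName = rs("StoredName").Value
rs.Close

' 3. Resolve the stored name and confirm it stays inside the upload folder.
Set fso = Server.CreateObject("Scripting.FileSystemObject")
rootPath = fso.GetAbsolutePathName(UPLOAD_ROOT) & "\"
fullPath = fso.GetAbsolutePathName(fso.BuildPath(rootPath, fso.GetFileName(storedName)))
If StrComp(Left(fullPath, Len(rootPath)), rootPath, vbTextCompare) <> 0 Then
    Response.Status = "500 Internal Server Error" : Response.End
End If

' 4. Delete the file with FileSystemObject (no shell), then the row.
If fso.FileExists(fullPath) Then fso.DeleteFile fullPath
cmd.CommandText = "DELETE FROM Images WHERE ImageId = ? AND OwnerId = ?"
cmd.Execute
Response.Write "Image " & imageId & " deleted."
%>
```

Because the query is parameterized and the file operation never leaves the web process, neither `xp_cmdshell` nor any shell access from SQL Server is needed.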

Message #3 by "Andrew Badera" <ab2@r...> on Tue, 26 Sep 2000 22:19:40 +0100
Why not avoid BLOBs and simply have a table with pointers to the images, indicating whether they are active or should be deleted, then have another app, VB maybe or perhaps Java, that "scans" the database on some sort of regular basis and deletes files that are flagged for deletion, then deletes the records of the deleted images, or updates it with a "deleted" flag if it's a life table?

Message #4 by "yls" <yls177@h...> on Wed, 27 Sep 2000 19:07:19 +0800
what is BLOB thing???

Message #5 by "Curtis F. Barnett" <cfb@s...> on Wed, 27 Sep 2000 10:43:12 -0500
BLOB is a Binary Large OBject



Message #6 by Imar Spaanjaars <Imar@S...> on Wed, 27 Sep 2000 18:18:10 +0200
BLOB = Binary Large OBject.

This is the datatype that can hold images etc.

Imar