• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Best Practice for storing PDF docs

Explorer ,
Mar 14, 2008 Mar 14, 2008

Copy link to clipboard

Copied

My client has a number of PDF documents for handouts that go with his consulting business. He wants logged in users to be able to download the PDF docs for handouts at training. The question is, what is the 'Best Practice' for storing/accessing these PDF files?

I'm using CF/MySQL to put everything else together and my thought was to store the PDF files in the db. Except! there seems to be a great deal of talk about BLOBs and storing files this way being inefficient.

How do I make it so my client can use the admin tool to upload the information about the files and the files themselves, not store them in the db but still be able to find them when the user want's to download them?
TOPICS
Advanced techniques

Views

2.0K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Contributor ,
Mar 20, 2008 Mar 20, 2008

Copy link to clipboard

Copied

I would suggest to upload PDF files with normal file upload and save the file references in DB not the direct files.

You would have a database which contains file locations to generate dynamic links.

You can either put the files in a subdirectory in your webroot or directly refer the files with URLs or outside of the webroot and push the required files with cfcontent etc.



Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Mar 24, 2008 Mar 24, 2008

Copy link to clipboard

Copied

Hi,

My opinion is to keep the files in the outside of the webroot and create a virtual directory for downlaod the files.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Mar 24, 2008 Mar 24, 2008

Copy link to clipboard

Copied

I would enable the PDFs to be uploaded to a directory outside the webroot. Only logged in users will be allowed to download them.



Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Apr 02, 2008 Apr 02, 2008

Copy link to clipboard

Copied

Just out of curiousity... what are the reasons for storing the files outside the webroot using a virtual dir?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 03, 2008 Apr 03, 2008

Copy link to clipboard

Copied

Hi,

While you are storing the files out side of the webroot it will be secure

With out using virtual directory Users cannot access this file path directly.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Apr 04, 2008 Apr 04, 2008

Copy link to clipboard

Copied

The attached code seems to hide the document URL upon download even when it is located inside the webroot. I don't know if this will keep users out alltogether but it is a good start.

I got this info from JR "Bob" Dobbs over in this post.
Inserting a Filename into a BLOB

Inserting a Filename into a BLOB

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Apr 04, 2008 Apr 04, 2008

Copy link to clipboard

Copied

But if you have the virtual directory setup cant they be access through that?

I have limited experience with this which is why i am asking...

Say I have a virtual directory in my webroot called documents which is where I am going to store PDF's

My webroot is : C:\inetput\wwwroot\mydomain.com\
My Virtual Dir is C:\StoredDocs

I understand that the files are not stored in the webroot, but cant they still be accessed via www.mydomain.com/documents ?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 06, 2008 Apr 06, 2008

Copy link to clipboard

Copied

LATEST
But how they came to know about the virtual directory name only, the developer and the server peoples know about the virtual directory name.

While uploading we are giving a path like this "c:\uploadedfiles\"

Only we use the virtual directory to download the uploaded files.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Apr 04, 2008 Apr 04, 2008

Copy link to clipboard

Copied

I wish I had that answer as well. I'm new enough to CF that I don't know. In addition, my application is going to be running on a shared server and I don't get access to anything outside my webroot.

One thing I plan on trying, and maybe you advanced coders can provide some insight here, is storing the doc folder in a subdirectory that is protected by an Application.cfm requiring a login.

Anyone out there see a bug with this type of approach?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Advocate ,
Apr 04, 2008 Apr 04, 2008

Copy link to clipboard

Copied

Storing documents outside the web root and using <cfcontent> to push their contents to the users is the most secure method.

Putting the documents in a subdirectory of the web root and securing that directory with an Application.cfm will only protect .cfm and .cfc files (as that's the only time that CF is involved in the request). That is, unless you configure CF to handle every request.

The virtual directory is no safer than putting the documents in a subdirectory. The links to your documents are still going to look like: http://www.mysite.com/virtualdirectory/myfile.pdf
Users won't need to log in to access these documents.

<cfcontent> or configuring CF to handle every request is the only way to ensure users have to log in before accessing non-CF files. Unless you want to use web-server authentication.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Apr 04, 2008 Apr 04, 2008

Copy link to clipboard

Copied

quote:

Originally posted by: Kronin555<cfcontent> or configuring CF to handle every request is the only way to ensure users have to log in before accessing non-CF files. Unless you want to use web-server authentication.


So, say the files were in C:\Documents\ and my file name was stored in a database... I would include the file but using:

<cfcontent file="C:\Documents\#file.filename#" .... />

This will just make is so I can display the document within my page correct? Or can I make a link that when clicked the file can be downloaded?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Apr 04, 2008 Apr 04, 2008

Copy link to clipboard

Copied

So, my method of using <cfcontent> shown in the previous code will help throw someone off the trail even though the docs are stored within the root?

What does a person do when they're using a shared server at a place like hostmysite and need to get docs into a folder outside the root for further protection?

Thank you Kronin555 for jumping in on this post.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Contributor ,
Apr 04, 2008 Apr 04, 2008

Copy link to clipboard

Copied

IF you have control over IIS you can make sure that there is no directory browsing allowed AND create a default page inside the directory where the PDFs are stored. That way if somebody tries to surf to a PDF directly, they will get snagged by the default page and handled.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation