13 Replies Latest reply on Apr 6, 2008 9:35 PM by V.K.R (Vijay)

    Best Practice for storing PDF docs

    Ofeargall Level 1
      My client has a number of PDF documents for handouts that go with his consulting business. He wants logged in users to be able to download the PDF docs for handouts at training. The question is, what is the 'Best Practice' for storing/accessing these PDF files?

      I'm using CF/MySQL to put everything else together and my thought was to store the PDF files in the db. Except! there seems to be a great deal of talk about BLOBs and storing files this way being inefficient.

      How do I make it so my client can use the admin tool to upload the information about the files and the files themselves, not store them in the db but still be able to find them when the user want's to download them?
        • 1. Re: Best Practice for storing PDF docs
          Oğuz Demirkapı Level 1
          I would suggest to upload PDF files with normal file upload and save the file references in DB not the direct files.

          You would have a database which contains file locations to generate dynamic links.

          You can either put the files in a subdirectory in your webroot or directly refer the files with URLs or outside of the webroot and push the required files with cfcontent etc.



          • 2. Re: Best Practice for storing PDF docs
            V.K.R (Vijay)
            Hi,

            My opinion is to keep the files in the outside of the webroot and create a virtual directory for downlaod the files.
            • 3. Re: Best Practice for storing PDF docs
              BKBK Adobe Community Professional & MVP
              I would enable the PDFs to be uploaded to a directory outside the webroot. Only logged in users will be allowed to download them.



              • 4. Re: Best Practice for storing PDF docs
                josheby Level 1
                Just out of curiousity... what are the reasons for storing the files outside the webroot using a virtual dir?
                • 5. Re: Best Practice for storing PDF docs
                  V.K.R (Vijay) Level 1
                  Hi,

                  While you are storing the files out side of the webroot it will be secure

                  With out using virtual directory Users cannot access this file path directly.
                  • 6. Re: Best Practice for storing PDF docs
                    Ofeargall Level 1
                    The attached code seems to hide the document URL upon download even when it is located inside the webroot. I don't know if this will keep users out alltogether but it is a good start.

                    I got this info from JR "Bob" Dobbs over in this post.
                    Inserting a Filename into a BLOB

                    Inserting a Filename into a BLOB
                    • 7. Re: Best Practice for storing PDF docs
                      josheby Level 1
                      But if you have the virtual directory setup cant they be access through that?

                      I have limited experience with this which is why i am asking...

                      Say I have a virtual directory in my webroot called documents which is where I am going to store PDF's

                      My webroot is : C:\inetput\wwwroot\mydomain.com\
                      My Virtual Dir is C:\StoredDocs

                      I understand that the files are not stored in the webroot, but cant they still be accessed via www.mydomain.com/documents ?
                      • 8. Re: Best Practice for storing PDF docs
                        Ofeargall Level 1
                        I wish I had that answer as well. I'm new enough to CF that I don't know. In addition, my application is going to be running on a shared server and I don't get access to anything outside my webroot.

                        One thing I plan on trying, and maybe you advanced coders can provide some insight here, is storing the doc folder in a subdirectory that is protected by an Application.cfm requiring a login.

                        Anyone out there see a bug with this type of approach?
                        • 9. Best Practice for storing PDF docs
                          Kronin555 Level 1
                          Storing documents outside the web root and using <cfcontent> to push their contents to the users is the most secure method.

                          Putting the documents in a subdirectory of the web root and securing that directory with an Application.cfm will only protect .cfm and .cfc files (as that's the only time that CF is involved in the request). That is, unless you configure CF to handle every request.

                          The virtual directory is no safer than putting the documents in a subdirectory. The links to your documents are still going to look like: http://www.mysite.com/virtualdirectory/myfile.pdf
                          Users won't need to log in to access these documents.

                          <cfcontent> or configuring CF to handle every request is the only way to ensure users have to log in before accessing non-CF files. Unless you want to use web-server authentication.
                          • 10. Re: Best Practice for storing PDF docs
                            josheby Level 1
                            quote:

                            Originally posted by: Kronin555<cfcontent> or configuring CF to handle every request is the only way to ensure users have to log in before accessing non-CF files. Unless you want to use web-server authentication.


                            So, say the files were in C:\Documents\ and my file name was stored in a database... I would include the file but using:

                            <cfcontent file="C:\Documents\#file.filename#" .... />

                            This will just make is so I can display the document within my page correct? Or can I make a link that when clicked the file can be downloaded?

                            • 11. Re: Best Practice for storing PDF docs
                              Ofeargall Level 1
                              So, my method of using <cfcontent> shown in the previous code will help throw someone off the trail even though the docs are stored within the root?

                              What does a person do when they're using a shared server at a place like hostmysite and need to get docs into a folder outside the root for further protection?

                              Thank you Kronin555 for jumping in on this post.
                              • 12. Re: Best Practice for storing PDF docs
                                Dinghus Level 1
                                IF you have control over IIS you can make sure that there is no directory browsing allowed AND create a default page inside the directory where the PDFs are stored. That way if somebody tries to surf to a PDF directly, they will get snagged by the default page and handled.
                                • 13. Best Practice for storing PDF docs
                                  V.K.R (Vijay) Level 1
                                  But how they came to know about the virtual directory name only, the developer and the server peoples know about the virtual directory name.

                                  While uploading we are giving a path like this "c:\uploadedfiles\"

                                  Only we use the virtual directory to download the uploaded files.