Hi, id'like to know the opinion about to ensure external file integrity.

Scenario: A web application that uses binary files( images, PDF's ).
On the database ( postgresql 7.2.2 ) i store the filename of the files.

The files ( images only ) are taken from an internal machine when needed(
via ftp ) or automatically at idle periods.If the image comes throuth ftp( requested 
by a user ),
 the image is downloaded to a temporary directory, a record is inserted
 into the database and the file get's moved to the final directory if it
 passed some tests.If no image is requested by a user, a script will download( rcp ) 
at night
the files and then put those in the final directory.When a user request's a PDF, i 
create the PDF in realtime, using info.
stored in the DB plus the image( store on filesystem ).
My concern here is the folowing:
  let's imagine that an image file is overwriten with a new image( by
  mistake ). This is possible because users use some kind of ID to name
  the file. If this appens, the info stored in DB is out of sync in
  relation to the file stored in filesystem.
  To correct this issues i have three possibilities:

    1 - Store the PDF's in the filesystem, and store the file date, time
    and    CRC32 of the entire file in the database. This solution has a
    consequence... i will need lots of space in the server( each file is
    aprox. 2MB ).      At night a script will validate the sync between the info 
stored in
      DB and the info on filesystem.
    2 - Create the PDF when requested. When the PDF generated for the
    first time, i will store: image creation date, time, crc32 and some
    more dates, times and CRC32's of other information into the DB.      At night a 
script will validate the sync between the info stored in
      DB and the info on filesystem.
    3 - Run a script that is change file permissions( file is created with
    user owner of webserver) for those new records inserted to root.      A script 
will be run, because i cant change ownership of a file on
      the fly with PHP( PHP security ).
Those are my solution's, if any one has any comments or suggestion's
please  share it with us.Thank's
Miguel Carvalho

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to