can't you just make the name of the file include a unique identifier of some sort, or store each user's files in a different directory or something, to make sure that they can't overwrite each other's (or their own) files?
Or would that not work in your app? HTH Beau // -----Original Message----- // From: Miguel Carvalho [mailto:[EMAIL PROTECTED]] // Sent: Tuesday, 3 September 2002 5:35 PM // To: [EMAIL PROTECTED] // Subject: [PHP-DB] External file integryti check // // // Hi, id'like to know the opinion about to ensure external // file integrity. // // Scenario: A web application that uses binary files( images, PDF's ). // On the database ( postgresql 7.2.2 ) i store the filename of // the files. // // The files ( images only ) are taken from an internal machine // when needed( // via ftp ) or automatically at idle periods.If the image // comes throuth ftp( requested by a user ), // the image is downloaded to a temporary directory, a record // is inserted // into the database and the file get's moved to the final // directory if it // passed some tests.If no image is requested by a user, a // script will download( rcp ) at night // the files and then put those in the final directory.When a // user request's a PDF, i create the PDF in realtime, using info. // stored in the DB plus the image( store on filesystem ). // My concern here is the folowing: // let's imagine that an image file is overwriten with a new image( by // mistake ). This is possible because users use some kind of // ID to name // the file. If this appens, the info stored in DB is out of sync in // relation to the file stored in filesystem. // To correct this issues i have three possibilities: // // 1 - Store the PDF's in the filesystem, and store the // file date, time // and CRC32 of the entire file in the database. This // solution has a // consequence... i will need lots of space in the server( // each file is // aprox. 2MB ). At night a script will validate the // sync between the info stored in // DB and the info on filesystem. // 2 - Create the PDF when requested. When the PDF generated for the // first time, i will store: image creation date, time, // crc32 and some // more dates, times and CRC32's of other information into // the DB. At night a script will validate the sync // between the info stored in // DB and the info on filesystem. // 3 - Run a script that is change file permissions( file // is created with // user owner of webserver) for those new records inserted // to root. A script will be run, because i cant change // ownership of a file on // the fly with PHP( PHP security ). // Those are my solution's, if any one has any comments or suggestion's // please share it with us.Thank's // Miguel Carvalho // // // // -- // PHP Database Mailing List (http://www.php.net/) // To unsubscribe, visit: http://www.php.net/unsub.php // -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
