can't you just make the name of the file include a unique identifier of some
sort, or store each user's files in a different directory or something, to
make sure that they can't overwrite each other's (or their own) files?

Or would that not work in your app?



// -----Original Message-----
// From: Miguel Carvalho [mailto:[EMAIL PROTECTED]]
// Sent: Tuesday, 3 September 2002 5:35 PM
// Subject: [PHP-DB] External file integryti check
// Hi, id'like to know the opinion about to ensure external 
// file integrity.
// Scenario: A web application that uses binary files( images, PDF's ).
// On the database ( postgresql 7.2.2 ) i store the filename of 
// the files.
// The files ( images only ) are taken from an internal machine 
// when needed(
// via ftp ) or automatically at idle periods.If the image 
// comes throuth ftp( requested by a user ),
//  the image is downloaded to a temporary directory, a record 
// is inserted
//  into the database and the file get's moved to the final 
// directory if it
//  passed some tests.If no image is requested by a user, a 
// script will download( rcp ) at night
// the files and then put those in the final directory.When a 
// user request's a PDF, i create the PDF in realtime, using info.
// stored in the DB plus the image( store on filesystem ).
// My concern here is the folowing:
//   let's imagine that an image file is overwriten with a new image( by
//   mistake ). This is possible because users use some kind of 
// ID to name
//   the file. If this appens, the info stored in DB is out of sync in
//   relation to the file stored in filesystem.
//   To correct this issues i have three possibilities:
//     1 - Store the PDF's in the filesystem, and store the 
// file date, time
//     and    CRC32 of the entire file in the database. This 
// solution has a
//     consequence... i will need lots of space in the server( 
// each file is
//     aprox. 2MB ).      At night a script will validate the 
// sync between the info stored in
//       DB and the info on filesystem.
//     2 - Create the PDF when requested. When the PDF generated for the
//     first time, i will store: image creation date, time, 
// crc32 and some
//     more dates, times and CRC32's of other information into 
// the DB.      At night a script will validate the sync 
// between the info stored in
//       DB and the info on filesystem.
//     3 - Run a script that is change file permissions( file 
// is created with
//     user owner of webserver) for those new records inserted 
// to root.      A script will be run, because i cant change 
// ownership of a file on
//       the fly with PHP( PHP security ).
// Those are my solution's, if any one has any comments or suggestion's
// please  share it with us.Thank's
// Miguel Carvalho
// -- 
// PHP Database Mailing List (
// To unsubscribe, visit:

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to