On Mon, May 27, 2013 at 4:59 AM, Dan Egli <[email protected]> wrote: > He has said that he is paranoid about people being able to gain access to > the content from outside the web page.
As other people have pointed out, storing files inside of the database does not make his files more secure. In fact, I would argue that it creates additional security flaws - if you accidentally introduce an opportunity for an SQL injection attack, someone could potentially access anything in your DB via the web. I'm not sure how you can allow the web server access to the files without also granting access to anyone with root on the machine, but there's got to be a better way than dropping them all in the DB. -Dan /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
