
I am uploading files using a multipart form with Apache FileUpload, and it works fine.

But I want to know the best (or common) practices for saving files on the server, regarding the following:

  • Naming the files on the server (i.e. which name is better: a generated UUID, or the row ID the database assigns when I insert the file's associated data?)
  • The best location for the files on the server (e.g. on a Linux server, which folder or partition should I use? Do I have to encrypt the uploaded files?)
  • When I put a link to access the files from the browser: is direct access better, or going through a servlet?
  • For your last question: there is no way to access a file on the server without passing through a servlet; at the least you will need a default servlet. – gigadot Sep 27 '12 at 22:39
  • Most of those questions are answerable with whatever works best for you and your architecture. Encrypting the files depends on your needs as well, but even with confidential bank documents I haven't had a request to encrypt docs on my company's server. – scrappedcola Sep 27 '12 at 22:41
  • @gigadot You could set up an Apache + Tomcat installation and allow Apache access to the application's upload directory. I would strongly disadvise, but it's possible to do so. – f_puras Sep 28 '12 at 11:18
  • @f_puras I agree that it's not called a servlet then, but it's the Apache httpd process which passes the file through the HTTP stream. There is no way to access the OS file system directly from the internet using the HTTP protocol. – gigadot Sep 28 '12 at 11:40

2 Answers

  1. If you do it this way (files in the filesystem, metadata in the DB), then using the row ID for the filename is not a bad idea (at least it ensures uniqueness). Unfortunately, you will have to keep the filesystem and the database in sync, so it will require careful coding.
  2. If you care about performance, files can be stored on a separate HDD (or a NAS). Note that if the number of files is going to be big (thousands), you should not put all of them in one folder; instead, group them in subfolders, each containing at most a few hundred files. That keeps access times low as the number of files grows. Whether to use encryption should depend on your business needs (do the files contain confidential data?).
  3. A servlet is the better way, as it hides the real storage details from the client and is more resilient to future changes in the application. It also has other benefits (e.g. you can implement your own access control, and you get caching in browsers/proxies out of the box). And it's a must if you use encryption.
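Points 1 and 2 can be combined into one small helper: derive the storage path from the DB row ID, grouping files into subfolders so no single directory grows too large. This is a minimal sketch; the root directory, the class and method names, and the bucket size of 1000 are all assumptions to adapt to your setup.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

public class UploadStorage {

    // Hypothetical upload root; in practice this would come from configuration.
    static final Path UPLOAD_ROOT = Paths.get("/var/data/uploads");

    // Map a DB row id to a path: ids 0..999 land in subfolder "000",
    // 1000..1999 in "001", and so on, so each folder holds at most
    // 1000 files and stays fast to list and access.
    static Path storagePathFor(long rowId) {
        String subfolder = String.format("%03d", rowId / 1000);
        return UPLOAD_ROOT.resolve(subfolder).resolve(Long.toString(rowId));
    }

    public static void main(String[] args) {
        // e.g. /var/data/uploads/001/1234 on Linux
        System.out.println(storagePathFor(1234));
    }
}
```

Because the path is a pure function of the row ID, the database stays the single source of truth and the sync problem mentioned in point 1 is reduced to creating/deleting the file in the same transaction boundary as the row.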
Adam Dyga

After recurring trouble with server file-system operations (missing permissions, different behaviour on different platforms), I would recommend just storing the file data as BLOBs in your database. That way you do not need to devise a unique file-naming scheme, and all sensitive data lives in one place.

In this case, you will need a servlet for downloading, which IMHO is the better way even for accessing data stored in files.
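The servlet-download approach looks roughly like the sketch below: stream the BLOB from the database to the HTTP response in chunks, so even large files never have to fit in memory. The table and column names (`uploaded_file`, `name`, `content`), the `DataSource` wiring, and the class name are assumptions; the core copy loop is plain `java.io` and works the same for filesystem streams.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;

public class DownloadHelper {

    // Copy the stored bytes to the response in fixed-size chunks and
    // return the number of bytes transferred.
    static long copy(InputStream in, OutputStream out) throws IOException {
        byte[] buffer = new byte[8192];
        long total = 0;
        int n;
        while ((n = in.read(buffer)) != -1) {
            out.write(buffer, 0, n);
            total += n;
        }
        return total;
    }

    /* Inside a servlet it would be used roughly like this
       (javax.servlet imports and DataSource setup omitted;
       schema names are hypothetical):

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        long id = Long.parseLong(req.getParameter("id"));
        try (Connection con = dataSource.getConnection();
             PreparedStatement ps = con.prepareStatement(
                 "SELECT name, content FROM uploaded_file WHERE id = ?")) {
            ps.setLong(1, id);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) { resp.sendError(404); return; }
                resp.setContentType("application/octet-stream");
                resp.setHeader("Content-Disposition",
                    "attachment; filename=\"" + rs.getString("name") + "\"");
                copy(rs.getBinaryStream("content"), resp.getOutputStream());
            }
        }
    }
    */
}
```

The same servlet is also the natural place for the access control and caching headers mentioned in the other answer, regardless of whether the bytes come from a BLOB or from the filesystem.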

f_puras
  • I struggled with the same issue some time ago too. Eventually I decided to keep the files in the filesystem, because the amount of stored data was expected to be huge (terabytes of raw video). I'm wondering how databases such as MySQL or PostgreSQL would perform with that amount of data in BLOBs? – Adam Dyga Sep 28 '12 at 11:55