0

I am working on an asp.net mvc core web application which have Entity framework as the data access layer. and i have a document management module inside our application, where users can upload files such as "MS Office", PDFs, images, etc.. >> then they can set permission for each file >> either public so it is viewable by all registered users OR private to specific users only (where they can select the users from a list of registered users).

now we have 2 ways for storing and managing files inside our asp.net mvc core:-

  1. store the files inside a folder on our host server
  2. store the files inside our database.

so i am not sure which approach will be more suitable for us? especially that we have the option to apply custom permissions on each file.. so is it better to store the files inside the database? Also in the future we might allow the end users to specify if they want to encrypt the files as a second level of security.

second question. if i store the files inside the database then can user download the files to their local machines? and view the files using separate urls? Thanks

John John
  • 1
  • 72
  • 238
  • 501
  • 1
    For the non-permission part, this may be relevant: https://stackoverflow.com/questions/2371297/storing-images-in-db-vs-in-folder-structure/2371424#2371424 – Rune May 15 '19 at 12:27
  • @Rune thanks for the link, i already had a look at this post but it is a general comparison between the 2 approaches, but my question is more specific to the case i described.. – John John May 15 '19 at 12:29

1 Answers1

1

TL;DR: AFAICT, the permission issue shouldn't affect your choice. Investigate whether storing the files on disk or in the database would be the right thing to do, ignoring the permissions issue, and you will have your answer.

No matter where you store the files, you will have to store the permissions in the database and enforce them in your ASP.NET application. Now, either you

  • store each file in the database, with a pointer pointing to the permissions, or
  • store the name of each file in the database, with a pointer pointing to the permissions and a pointer pointing to the file on the host server.

When a request for a file comes in, your ASP.NET application will look up the permissions in the database and evaluate them. If the permission check fails, it will return an error to the client. If the permission check succeeds, it will retrieve the file either from the database or the file system. Thus, it all boils down to whether the file system or the DB is the best solution in general, ignoring the permission issue.

See Storing images in DB vs in Folder Structure for pros and cons.

Rune
  • 8,340
  • 3
  • 34
  • 47
  • ok thanks for the valuable reply. so having the files stored inside our DB or inside file system does not have any effect on applying custom permissions on them.. i thought that having the files stored inside the database will only allow me to control who can access the files.. but i think end users can not request files directly from the hosting server, so any request to access the files must go through the system, and i can control the permissions accordingly.. – John John May 15 '19 at 15:14
  • now one point which i should have already mentioned that some of our files contain legal agreements and confidential info, and we might need to encrypt them as a second level of security, so does encrypting the files favor one option (DB or file system) over the other? – John John May 15 '19 at 15:15
  • I don't think encryption changes the picture – Rune May 16 '19 at 08:26
  • but can we still encrypt and decrypt a file store inside a file system? – John John May 16 '19 at 11:08
  • so if both options can cover custom permissions, encryption, etc then which appraoch you recommend to store files; inside database or inside file system or using a hybrid appraoch by using FileStream field type? – John John May 17 '19 at 01:28
  • 1
    To the file system, an encrypted file is just another file, so we can definitely store it in the file system. As for what to recommend, I don't know your usage scenario well enough. As mentioned in the other answer, it depends on how data will be used, how important perfornance is, how big your files are, what database you have etc. etc. – Rune May 19 '19 at 10:09
  • now in my case i am going to host the asp.net core on the cloud and will ask to use the latest sql server version, as for the performance it is very important to us + users can upload at-most 10 documents per workflow instance and we can have unlimited number of workflow instances.. most of the files will have sizes bewteen 600 KB - 1.5 MB , and we will not allow a single file to be more than 5 MB.. – John John May 20 '19 at 12:45
  • I am sorry, but this is too complicated to reach a sound conclusion on via comments on StackOverflow. If you would like to, I am happy to engage with you professionally. You may reach me at https://www.linkedin.com/in/runeibsen/. – Rune May 20 '19 at 14:03