Dec 29th, 2009, 9:34 AM
(This post was last modified: Dec 29th, 2009, 9:38 AM by moorezilla.)
Hi Ben,
Happy Holidays!
You may very well be right that storing files in the database is not "best practice," as I am admittedly not an expert. It just seems to solve a few problems for me. Both of these suggestions spring from the same project.
We collect information from job applicants that could be considered sensitive. Since this information could be located in both form fields and in uploaded documents solicited through forms, I'm looking for a way to protect both at once.
Storing uploaded documents in mysql eliminates having a folder under the web root with all of the uploaded documents. Right now, I usually drop an extra .htaccess file in the directory to protect them, but this then requires an extra log in for people accessing these files either from links in emails or through the admin area of form tools.
Storing all data (including file uploads) encrypted in mysql solves all of my problems (at least in my mind!), since it eliminates the need to have a directory for file uploads in the web root, and it allows us to keep all information in an encrypted format on the server. Storing all data in an encrypted format is a directive that is coming down the pipe for us, so I'm trying to address it now.
Your suggestion to run an encryption routine before adding information to the database is great, but I thought it would be nice to have an option in form tools where you could click a checkbox and this would happen automagically. You might think this suggests that I am a lazy or inept programmer (you'd be correct!), but it's really a suggestion to make form tools even more robust and an even stronger agent of good in the fight against data piracy!
Let me know if I can add any additional information (or arguments!) for this.
Best,
am
Happy Holidays!
You may very well be right that storing files in the database is not "best practice," as I am admittedly not an expert. It just seems to solve a few problems for me. Both of these suggestions spring from the same project.
We collect information from job applicants that could be considered sensitive. Since this information could be located in both form fields and in uploaded documents solicited through forms, I'm looking for a way to protect both at once.
Storing uploaded documents in mysql eliminates having a folder under the web root with all of the uploaded documents. Right now, I usually drop an extra .htaccess file in the directory to protect them, but this then requires an extra log in for people accessing these files either from links in emails or through the admin area of form tools.
Storing all data (including file uploads) encrypted in mysql solves all of my problems (at least in my mind!), since it eliminates the need to have a directory for file uploads in the web root, and it allows us to keep all information in an encrypted format on the server. Storing all data in an encrypted format is a directive that is coming down the pipe for us, so I'm trying to address it now.
Your suggestion to run an encryption routine before adding information to the database is great, but I thought it would be nice to have an option in form tools where you could click a checkbox and this would happen automagically. You might think this suggests that I am a lazy or inept programmer (you'd be correct!), but it's really a suggestion to make form tools even more robust and an even stronger agent of good in the fight against data piracy!
Let me know if I can add any additional information (or arguments!) for this.
Best,
am