Re: securing pdf's in databases
Re: securing pdf's in databases
- Subject: Re: securing pdf's in databases
- From: Jonathan Rochkind <email@hidden>
- Date: Mon, 5 Apr 2004 11:08:30 -0500
You could put it in the database, yes.
Another way to do it (that I would personally prefer, although I'm
not sure I can justify this preference), is to put them in the file
system, but _not_ in the web server document root. Somewhere in the
file system that is _not_ web accessible.
When you want to return a PDF to a user, you create a WOResponse, and
use the setContent method to set the data of the WOResponse to the
PDF your app read from the file system. And set the mime type header
appropriately too, of course. Better yet, instead of setContent, use
the new 'streaming' API: WOResponse.setContentStream, set to an
InputStream you created to point to that location in the file system.
Now you can send the PDF to the client without ever reading it all
into memory at once---which may not matter for a 30K file, but is
still once. I suppose that's one reason to prefer this method over
keeping it in the db----if you are using EOF to access the db,
there's no way to get the PDF without reading it all into memory at
once.
But keeping it in the database potentially works too. This is a long
running 'debate' on the list---whether it's preferable to keep your
large data in your db or on the file system. In either case, you can
still control access to it through your app, though. Your particular
desire to do that doesn't effect the situation---except that of
course if you store in the file system, you shouldn't put it in a
publically accessible part of the file system (like under the web
server doc root), you should put it in some non-public part of the
file system, and then deliver it as described above.
--Jonathan
At 11:43 AM -0400 4/5/04, Frank Ribitch wrote:
I am creating a program that fetches info and an attachment (PDF)
from an email address and stores it into a database. Most of the
work is done.
I am now trying to figure out how to make sure the attachment is not
accessible from all individuals, since the database runs a
webobjects website. The PDF is a invoice from quickbooks that has to
be emailed off. I have a program that currently can automatically
pull the pdf from the email, insert the file information into a
database, and move to the next email. The program does have logic to
verify the attachment.
Ideally, i would like to put the pdf's into the database. The
program is a java-cocoa application. I dont want customer x to see
customer y's invoices and vice versa. If i did this with a database,
i could make it work. I dont want the images in a folder sitting on
the webserver.
How would I go about doing this? Would I use a BLOB. The PDF files
are under 30k each, and database size is not a problem. Is there any
other recommended way to do this?
Thanks
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.