I want to store a large number of images on a server gallery. I can create my own folder for that, but in the default template there is a folder named App_Data. Obviously, I imagine that creators of the template meant for us to store data there. But I can't find a way to open anything in that folder.
Is it intended? Or how do I do that? Or should I make my own folder for that reason?
It is by design. App_Data was meant for data files like sql express DB's files. It is protected so that you can't surf to it and grab files out of it. Put your images in another folder to correct this.
Related
Individual Folder create for each user when they register on website outside the webroot folder.I am able to upload the image and store Image path in database.However,I am unable to display the Image. I am trying to get the path of Image from database using LINQ and display in VIEW but it does not work. I can view only one(from the list of Image)Image when FILESTREAM the image path and retrun using FILESTREAMRESULT
Can anyone please guide me how to achieve it? All I want to do is create folder for each respective user when they register in external folder. Upload Image and display.
Typically, I would keep files in a secure database or within the application's subfolders. But, here's what I would suggest if you really need to access a different folder on the server.
Create a folder on your server's file system ahead of time.
On the server, assign permissions to that folder so that the identity used by your application can access it.
In your code, write code to access the folder and file path.
Hope that helps!
p.s. here's another Q&A on StackOverflow (with some words of warning) in which the second part of the answer is similar to what I suggested.
ASP.NET - Reading and writing to the file-system, outside the application
I have implemented upload/delete Logo functionality in my MVC3/C# WebApp. Where would be the correct folder to store these? I am currently using "Uploads/Logos" off root. Now of course the folder permissions prevent me from deleting files which got me thinking as to whether this is the correct place. Perhaps it should be in the "Content" or "App_Data" folder ??
Thoughts appreciated?
Thanks.
If you are linking to the files directly, then you cannot place them in the App_Data folder as any request to an item in App_Data will be rejected.
I would like to create a simple file repository in Ruby on Rails. Users have their accounts, and after one logs in they can upload a file or download files previously uploaded.
The issue here is the security. Files should be safe and not available to anyone but the owners.
Where, in which folder, should I store the files, to make them as safe as possible?
Does it make sense, to rename the uploaded files, store the names in a database and restore them when needed? This might help avoid name conflicts, though I'm not sure if it's a good idea.
Should the files be stored all in one folder, or should they be somewhat divided?
rename the files, for one reason, because you have no way to know if today's file "test" is supposed to replace last week's "test" or not (perhaps the user had them in different directories)
give each user their own directory, this prevents performance problems and makes it easy to migrate, archive, or delete a single user
put metadata in the database and files in the file system
look out for code injection via file name
This is an interesting question. Depending on the level of security you want to apply I would recommend the following:
Choose a folder that is only accessible by your app server (if you chose to store in the FS)
I would always recommend to rename the files to a random generated hash (or incremntally generated name like used in URL shorteners, see the open source implementation of rubyurl). However, I wouldn't store them in a database because filesystems are built for handling files, so let it do the job. You should store the meta data in the database to be able to set the right file name when the user downloads the file.
You should partition the files among multiple folders. This gives you multiple advantages. First, filesystems are not built to handle millions of files in a single folder. If you have operations that try to get all files from a folder this takes significantly more time. If you obfuscate the original file name you could create one directory for each letter in the filename and would get a fairly good distributed number of files per directory.
One last thing to consider is the possible collision of file names. A user should not be able to guess a filename from another user. So you might need some additional checks here.
Depending on the level of security you want to achieve you can apply more and more patterns.
Just don't save the files in the public folder and create a controller that will send the files.
How you want to organise from that point on is your choice. You could make a sub folder per user. There is no need to rename from a security point of view, but do try to cleanup the filename, spaces and non ascii characters make things harder.
For simple cases (where you don't want to distribute the file store):
Store the files in the tmp directory. DON'T store them in public. Then only expose these files via a route and controller where you do the authentication/authorisation checks.
I don't see any reason to rename the files; you can separate them out into sub directories based on the user ID. But if you want to allow the uploading of files with the same name then you may need to generate a unique hash or something for each file's name.
See above. You can partition them any way you see fit. But I would definitely recommend partitioning them and not lumping them in one directory.
I cleaned up someone's style sheet for a Dreamweaver site, by editing the css directly, and now the secretary is having trouble using her old template.
Most of the files in her site reside in subdirectories of the 'upload' directory. For example, I would have expected to see the stylesheet in
../assets/css/ etc.
but in fact I'm finding it in
../upload/assets/css/ etc.
In addition to assets, I am also finding Templates and images as subdirectories of 'upload'.
Do you know why this 'upload' directory was used?
I am considering two possible approaches.
(1) Make sure everything needed is in ../upload/ and remove the subdirectories that are directly in the root directory
(2) Edit the template to remove all references to ../upload/
Note that (2) appeals to me because the file structure will be simpler; but I wonder if the client has some sort of extension in her Dreamweaver that causes everything she ftp's to be put into the 'upload' directory.
Note that so far I have copied my cleaned up css file over to ../upload/assets/ as a short-term solution. But they want to be able to make changes to their template, and add new pages, on their own in future.
Thanks.
The likely problem is how she has her FTP remote settings specified. It appears that it now points to the upload folder rather than the web root. Or, it could be that her FTP user account is tied to the upload folder rather than the web root.
I'm having problems with deciding where to store files uploaded by user in my asp.net mvc application.
I've been using asp classic for about 10 years now, and always stored my files on disc at the site, and storing filename and folders in database.
How would you guys approach this problem?
Having them in database, and might get performance issues there? or leave it the way I always done it, and might get problems with "sync" filesystem and db?
I must have some sort of relational info in the database, so I cant store them just on disc
I'm using sql 2005 atm, and I read somewhere that sql 2008 has some sort of datacolumn now that just stores a "pointer" (like the text-datatype) to a file on disc, is that the way to go?
In some way, database is called a database for some reason, so not sure why invent wheel again? :)
Any pointers or ideas would be appreciated, I guess I'm just wondering about problems I might run into if I go with the database-approach
/M
You could use the special App_Data folder to put uploaded files and store the path into the database. If you go with SQL Server 2008 then you could take a look at the FILESTREAM type.
I'm not sure if your web application is load balanced or not, for the file management systems I've built in the past, I have always stored my files on a SAN or a network shared drive so they are accessible to all web/app servers. In addition, rather than storing the files as is, I always change the file name and type before I persist them on the file system (I typically use a GUID as the file name and a random file extension). Lastly, I would store the original file information in the database the files can be moved or copied logically rather than physically.