Hey guys, I just wanted some quick feedback as this is my first time dealing with file storage and I’d like to do it properly.
I’ve got public downloads. They are available if under the right role. My plan was to store them in a database. Have a back end where the client can update existing downloads. (We usually have monthly new version releases). The size of all the files can’t
be more than 2GB.
I’ve read that storing files on the web server can be a security risk, and that I should have a separate service for file serving. This seems like a bit of overkill for what I need.
I’m not looking for instructions on how to store on a database, I’ve got that figured out. Just want to make sure I’m approaching this the right way. Could be overthinking it as well.
Could be overthinking it as well.
Of course. Anyway, SqlServer have FileStream column
For this requirement, you also could consider using the FTP to manage files. You could have a server that used to storage files, then configure a FTP site in the IIS.
After that you could upload the files to the FTP server.
# How to: Upload Files with FTP
I’ve read that storing files on the web server can be a security risk
As per your description, you are storing the files in the database and not in the web server. Is this correct? In that case you are already using database service for file serving
As web servers are outside the firewalls they more vulnerable for attacks. Hence people recommend to put the files inside the firewall and use some kind of service to deliver the files. In your scenario you can have your database inside the firewall and
deliver the files to the webserver.