2

It is quite common that uploaded files (images, videos, etc.) are stored on a file server because of performance and database-recovery-time reasons. But is there a benefit of storing such files in database in terms of security?

My-Name-Is
  • 389
  • 1
  • 5
  • 12
  • 2
    Unless your file server is less secure than your database server, no. – Ry- Sep 13 '14 at 19:08
  • 1
    @minitech There are very different attack patterns that affect both methods of data storage. For example, storing uploaded files on your filesystem could lead to remote code execution by uploading an executable script, like php or asp. – rook Sep 13 '14 at 22:31

1 Answers1

3

Most large web applications need to limit database usage, and there is an additional burden by using the database as a file store. Most databases are not really designed for file access, MongoDB is a document store, and is commonly used to store files and related data. Another option is using Amazon S3 to store and distribute content.

Regardless of where you store the files, there is a lot that can go wrong with file storage and retrieval.

SilverlightFox
  • 33,408
  • 6
  • 67
  • 178
rook
  • 46,916
  • 10
  • 92
  • 181