Marlow #1
Securing documents - SQL Server or FileSystem
I am writing a .NET web application that provides secure access to
images and files. Basically files/images will be uploaded to the
website (storage method to be determined) by a given user and then
access to the file will be restricted to other specific users based
upon some permissions that are stored in join tables against the file
meta data records.

Currently I am storing the files in the file system with a pointer to
the folder the files reside in. Each folder has a unique hashed name.

The problem is that the files are all accessible to anyone if a user
is able to "guess" or otherwise determine the appropriate URL to
retrieve the file. Obviously this is not appropriate for information
that must be secure.

To resolve this problem I have thought of two methods:
1) Store the files in the SQL Database, and have an aspx page that
retrieves the files and checks certain security credentials and then
binarywrites the file to response, or
2) Move the files out of the accessible web published folders, to
another area of the file system, then write a page that checks the
security credentials opens a filestream to the file and writes it into
the Response object (if this is even feasible?).

There are potentially very large files to be uploaded and upwards of
30,000 files. I am aware of the data paging in storing files larger
than 8K in SQL. Also there will be several different instances of the
application and database running for different clients but on the same
servers.

A lot of the files will be images that are referenced through a
provided DHTML control, many of which will appear on a public website
and will be accessed very frequently. Which of the above methods would
provide (in your opinion of course!) the best combination of Security
and Performance?

An example would be that a given file is available from a specific
online date, until a specific offline date. It must be such that after
that date the file can no longer be accessed even if the user has the
URL directly through to the specific file. (Currently the HTML content
that links to the files is taken offline, but not the files
themselves.)

Any input appreciated, thanks in advance.
Marlow Guest
-
Aaron Bertrand [MVP] #2
Re: Securing documents - SQL Server or FileSystem
I'd go with #2. See http://www.aspfaq.com/2149 for pros and cons of the
options, and http://www.aspfaq.com/2276 for information about using
ADODB.Stream to present images that are not in the web folders.
--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/
"Marlow" <anonymous@discussions.microsoft.com> wrote in message
news:0538D328-ABC3-4099-AFA1-07F79374B944@microsoft.com...
> I am writing a .NET web application that provides secure access to
> images and files. Basically files/images will be uploaded to the
> website (storage method to be determined) by a given user and then
> access to the file will be restricted to other specific users based
> upon some permissions that are stored in join tables against the file
> meta data records.
>
> Currently I am storing the files in the file system with a pointer to
> the folder the files reside in. Each folder has a unique hashed name.
>
> The problem is that the files are all accessible to anyone if a user
> is able to "guess" or otherwise determine the appropriate URL to
> retrieve the file. Obviously this is not appropriate for information
> that must be secure.
>
> To resolve this problem I have thought of two methods:
> 1) Store the files in the SQL Database, and have an aspx page that
> retrieves the files and checks certain security credentials and then
> binarywrites the file to response, or
> 2) Move the files out of the accessible web published folders, to
> another area of the file system, then write a page that checks the
> security credentials opens a filestream to the file and writes it into
> the Response object (if this is even feasible?).
>
> There are potentially very large files to be uploaded and upwards of
> 30,000 files. I am aware of the data paging in storing files larger
> than 8K in SQL. Also there will be several different instances of the
> application and database running for different clients but on the same
> servers.
>
> A lot of the files will be images that are referenced through a
> provided DHTML control, many of which will appear on a public website
> and will be accessed very frequently. Which of the above methods would
> provide (in your opinion of course!) the best combination of Security
> and Performance?
>
> An example would be that a given file is available from a specific
> online date, until a specific offline date. It must be such that after
> that date the file can no longer be accessed even if the user has the
> URL directly through to the specific file. (Currently the HTML content
> that links to the files is taken offline, but not the files
> themselves.)
>
> Any input appreciated, thanks in advance.
>
Aaron Bertrand [MVP] Guest
-
Aaron Bertrand [MVP] #3
Re: Securing documents - SQL Server or FileSystem
Note that your application is only as secure as the filesystem. If a user
can get to the filesystem, then they can access the code that retrieves
images in option 1, or the files themselves in option 2.
--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/
Aaron Bertrand [MVP] Guest
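
Option 2 as recommended in reply #2 (files kept outside the web-published folders and streamed by a page that checks credentials), written as an ASP.NET handler that also enforces the online/offline dates from the question. This is an added example, not code from the thread or from aspfaq.com; the handler name, the table and column names, the "Files" connection string and the D:\SecureFiles\ root are assumptions, and dates are assumed to be stored in UTC.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.IO;
using System.Web;

// Added example. Hypothetical schema: Files(FileId, StoredName, ContentType,
// OnlineDate, OfflineDate) and join table FilePermissions(FileId, UserName).
public class SecureFileHandler : IHttpHandler
{
    // Assumed storage root, outside every web-published folder.
    private static readonly string Root = Path.GetFullPath(@"D:\SecureFiles\");
    private const string Sql = @"
        SELECT f.StoredName, f.ContentType
        FROM Files f JOIN FilePermissions p ON p.FileId = f.FileId
        WHERE f.FileId = @id AND p.UserName = @user
          AND f.OnlineDate <= @now AND @now < f.OfflineDate";

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext ctx)
    {
        int id;
        // The client supplies only a numeric id, never a path or file name.
        if (ctx.User == null || !ctx.User.Identity.IsAuthenticated ||
            !int.TryParse(ctx.Request.QueryString["id"], out id)) { Deny(ctx); return; }
        string name = null, type = null;
        string cs = ConfigurationManager.ConnectionStrings["Files"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(Sql, conn))
        {
            cmd.Parameters.AddWithValue("@id", id);
            cmd.Parameters.AddWithValue("@user", ctx.User.Identity.Name);
            cmd.Parameters.AddWithValue("@now", DateTime.UtcNow);
            conn.Open();
            using (var r = cmd.ExecuteReader())
                if (r.Read()) { name = r.GetString(0); type = r.GetString(1); }
        }
        // No row: no permission, outside the date window, or no such file.
        if (name == null) { Deny(ctx); return; }
        // Resolve under the root and reject anything that escapes it.
        string path = Path.GetFullPath(Path.Combine(Root, name));
        if (!path.StartsWith(Root, StringComparison.OrdinalIgnoreCase) || !File.Exists(path))
        { Deny(ctx); return; }
        ctx.Response.ContentType = type;
        // Private: shared proxies must not store a copy that outlives the offline date.
        ctx.Response.Cache.SetCacheability(HttpCacheability.Private);
        ctx.Response.TransmitFile(path); // streams from disk, no full in-memory buffer
    }
    // Same 404 for every failure so responses do not reveal which ids exist.
    private static void Deny(HttpContext ctx) { ctx.Response.StatusCode = 404; }
}
```

In line with reply #3, the check in the handler only holds if the storage root's file-system permissions limit access to the account the application runs under.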