Focus on Microsoft
Storing Images in SQL Server (2005) Sep 19 2006 06:35PM
Thor (Hammer of God) (thor hammerofgod com) (1 replies)
Greetings security professionals:

I'm starting a new development project where I'm considering moving image
and document data into my database rather than storing the files in the
server filesystem.

I've been mulling over the security implications of this, and want to see
what others are doing in this area. The first thing that comes to mind is
row-level security, and how others are handling the "flow-through" from
table permissions to file system permissions where you're creating the
resultant files. In my environment, I have directory structures for
individual clients, with NTFS permissions applied to the different client
directories so Client A can only see their own data, and not Client B's.
I'm concerned that a possible breach could allow Client A to see Client B's
data unless I impose row-level security on the DB or create multiple views
for each client. I'm open to thoughts on how to best manage that. Also,
are you guys "streaming" the content from DB directly into the browser, or
are you creating a temporary file first, storing that in the file system,
and then referencing that temp file? If so, how are you handling
permissions on that? Via inherited directory permissions? And what about
the context of the web user? You give them delete permissions to "clean up"
the temporary files? The "streaming" context seems a better way to do it...

Just seeing what issues those who have gone through the deployment process
have run into.

Thx
T

RE: Storing Images in SQL Server (2005) Sep 20 2006 08:23PM
James D. Stallard (james leafgrove com) (2 replies)
Re: Storing Images in SQL Server (2005) Sep 20 2006 09:45PM
Thor (Hammer of God) (thor hammerofgod com) (1 replies)
RE: Storing Images in SQL Server (2005) Sep 20 2006 11:13PM
James D. Stallard (james leafgrove com)
RE: Storing Images in SQL Server (2005) Sep 20 2006 09:21PM
Kevin E. Casey (kcasey nanoweb com)







 

Copyright 2009, SecurityFocus