Depending on your needs I would either put them in a database or on Amazon
S3. Then write a page that retrieves them and returns them with a stream
response. With S3 you could also securely serve them direclty from S3.
On Fri, Sep 27, 2013 at 8:50 AM, Steve <steves...@gmail.com> wrote:
> Hi,
>
> I have an application which requires a user to upload some files. They are
> then saved somewhere. Currently that place is in the context, so for
> example:
> ${context:/userfiles/}${user.name}/{$id}/${filename}
>
> I do not think this is the best way to do it, as that means anyone who
> knows that URL can go to it and see that file. These files should be
> restricted for my application so only a particular user can see them.
>
> I need to be able to access the files in two ways:
> 1- To do some processing on the server side, currently this is done with a
> File object which has a full path on the local file system.
> 2- To be able to send that content to the user, currently this is done by
> using ${context:/}... etc.
>
> For example, the file may be a PDF. I may need to do something on the
> server with that PDF, but I would also like to be able to embed that pdf
> which I can currently do like this:
> <object width="400" height="500" type="application/pdf"
> data="${context:/userFiles}${fileUrlWithinContext}" id="pdf_content">
> <p>The PDF cannot be displayed, please update your browser.</p>
> </object>
>
> If I wish to be able to serve this file, I believe it needs to be within
> the context (Or maybe this is where I am wrong, but I can't find how else
> to serve files). From there I can also mess with it on the server since I
> have the local path to it. However, is there a way to protect these files?
>
> I assume I am doing something very, very wrong here but I just don't know
> exactly what. I'd really appreciate some guidance.
>
> Thanks,
> Steve
>
