On Wed, April 26, 2006 11:18 pm, Peter Lauri wrote: > Should I put the files outside of the web file system (outside of > httpdocs) > so that they can not get the file thru the web browser? Yes. > Or should I save the docs in a database instead and control the access > thru > that? I would only put data into the database that you actually want to search, sort, and compute statistics on. So unless you plan on letting them search for Word docs based on whether or not the control codes internal to the Word format are in there based on some Regular Expression, I wouldn't cram the Word docs into the database. It just seems "clutterd" to me to have data in the database that doesn't actually have any database operations done on it. It also may add another thin security layer (defense in depth) to not have the documents available in the database, in case the database is penetrated. [This kinda depends, though, on whether you have other users with shell access and/or MySQL access...] The Operating System File System is also generally more efficient for handling these "large" files, so that's a small plus for outside the db. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php