To address two questions/points directed to me... Tarun wrote: if the data is less i mean the image data is around 10-20 mb..then it is good to use the db for images saving in it. Let's take an application like, PhotoShop or even iPhoto - from Apple (which is actually a better example). Neither of the applications has a database in which they store the entire image. Photoshop doesn't even store thumbnails - it generates 'previews' on the fly. iPhoto stores Thumbnails... and copies your image to a location in a directory (so even if you screw up the image using iPhoto - you're only editing a copy located in a directory). As for the 10-20MB size - eeeeekks. If you've got images that big you certainly don't want to store them in your database, where you have to extract & decode them, then present them via your web interface - performance would very rapidly go down the drain - One might ask: How would one of the largest photo sharing web-sites on the planet, Flickr, do it? Go there, just view a few images, and then use View Source from your browser. and LuckyGuy354 wrote: if the file is sensitive, and only some person have permission to open the data? Only authorized persons should have direct access to the files - without using the browser - there are ways (using apache) to make it such that you can't 'browse' images in a directory. To make it extremely difficult for someone to even guess what's in the file you could - take the submitted file, sha1 the original 'name', store the file using that sha1 name in a directory, store the original name in the database and whammo you have enough randomness in the filename, cross referenced using the original name stored in the database, that it would be VERY VERY difficult for someone to even generate a link to the encrypted filename. And directory protections should be such that only the application has access to the file - that keeps external eyes off your files. e.g. <a href="http://myhost:8888/images/ b3580ab45cb088ba47ff070aa81c2dae1be56ca2.jpg"> Again, I would still store non-binary data (regardless of type) outside the database with some kind of location identifier stored in the database that can then be used to generate links to the image(s) on the fly. Let the browser do the work it was designed for (decoding and presenting the image).
