Resolved Need clarity on uploading documents or images to virtual directory

[vkkishores]

HI
can anyone clarify on storing images, documents into a virtual directory of a website?

I have a web application, where many of my users will upload some files to the website, the files can be a pdf,doc,docx or an image file.

is it a good practice to upload all these files to virtual directory? if we upload many files , later on one days the Uploaded Folder size will be approximately 1GB or 2 GB .

is there any performance issue if we do so ?

kindly clarify?

Regards

 

[Skydiver]

How is the "Uploaded Folder" getting populated? If it's your code that is populating the folder, then pick a different location to save the files to.

 

[Skydiver]

As quick aside, be careful should you decide to store files within your web app's virtual directory. Make sure that your users can't navigate to those files through your web site. It will be the ultimate form of injection (HTML, CSS, JavaScript, etc.) into your site.

 

[vkkishores]

hi thanks for the reply
seems to be my question is not clear, i was thinking whether storing 3rd party files in a VIRTUAL Directory is a good practice or not? apart from CSS atacks will this create any performance issue if folder sizes cross 1GB.

 

[Skydiver]

In general, you want your virtual directory to be be dedicated to running your app. (Almost) Everything in your virtual directory is meant for your users to download to their browser. Normally, to run your app, you may need some file storage, and so ASP.NET makes provisions for this by having an App_Data directory available for your application's use. By default ASP.NET blocks users from navigating into the App_Data directory to help maintain security. Beyond that App_Data directory, you should treat your virtual directory as read-only for all intents and purposes. Your app should have read-write access only on the App_Data directory tree. Anywhere else, it should not have any rights to write files.

The big question is why are you storing uploaded files in your virtual directory? Why does it have to be in the virtual directory directly? Why can't it be in the App_Data directory?

Let's say you do store in the App_Data directory instead of in the virtual directory, the next thing to consider is whether the data is transient, or meant to be long term data. If it's transient, do you even need to write out a file? Why can't you just use the data stream that was given to you while handling the upload? If you need to write it out to a file, delete the file as soon after processing it as you can. If the file is meant to be long term data, do you have a backup plan incase the web server gets nuked? Do you have a security plan in case your web server gets hacked? Perhaps the file should not live on the web server, but rather in some file storage behind the firewall.

I don't know where got the impression that large amounts of data stored in a file system would have a performance impact. It's not the file size that has a performance impact since everything is kept in a data structure that is not impacted by size. It is the number of files all in a single directory that has an impact on performance if you are constantly trying to get a list of files. If your file access patterns are such that you always know exactly the file that you want to access, then again file system is optimized for this kind of access.

 

[vkkishores]

Wow Wonderful explanation, thankyou you very much for a detailed explanation
1) recently i saw a web application where they are storing 100's of pdfs and videos in separate folder other than app_data . they created a multiple folders with name "documents", "videos" "exceldoc" etc
2) so i was checking with multiple people whether this is the right approach or not and will this creates any performance issues. I did not get a proper answer and I am bit confused with this , because these files and folders are part of Virtual Directory and i am assuming there might be some performance delay because of these folders and files. because end of the day all these are part of Virtual Directory

based on your answer i understood my assumption is wrong .


i found this forum is good and thought to clear all my doubts

 

[Skydiver]

recently i saw a web application where they are storing 100's of pdfs and videos in separate folder other than app_data . they created a multiple folders with name "documents", "videos" "exceldoc" etc

Try doing some URL having to force navigation into those directories. Most people forget that navigation can be forced. Those that do remember will set up their web server to block access to those folders.

 

[cjard]

Your computer hard disk probably contains over a million files. It's no particular problem to store lots of files on a disk