In our prototype application that we are building, we need the ability for users to be able to download files and we also need the ability to upload files; I have a few questions...
1) Where on the server should we put files that can be downloaded
2) Can we make the download location dynamic based on who is logged into our application
3) Is the location where the files are stored secure? (i.e. if User A is logged in, could they alter the URL so they could download files that are meant for user B)
4) Where on the server are files uploaded to?
5) Can we make the upload location on the server dynamic based on who is logged into the application? (i.e. if user A is logged in then their files go into .../apps/[user A files]/)
6) Are uploaded files secure? (i.e. can anyone access them without logging into the application and can user A access user B's files)
7) Is it possible to lists files in a directory on the server in FS?
Formspider handles downloads and uploads from the database. For upload here is the tutorial: http://theformspider.com/learningcenter/tutorial-15-how-to-upload-a-file/ and here is the demo http://formspideronline.com/formspider/main.html?name=DemoMain#DemoFileUpload
For download, Formspider has two API's:
First API is called api_datasource.download with the following signature: download(in_datasourceDotColumn_tx varchar2, in_fileName_tx varchar2, in_row_id number:=null) . So you specify the datasource name and column name which hold the BLOB you want the user to download. Next, you specify the file name and finally you specify the datasource row id optionally. If no row id is specified the API will attempt to download from the current row in the datasource.
If you want to place your files to the file system that's fine too. In that case you can use the api_application.fileDownload API which has the following signature: fileDownload(in_link_tx varchar2, in_title_tx varchar2:=null, in_fileName_tx varchar2:=null). The first parameter in_link_tx is the URL (relative or full path) your application will attempt to start the download. in_title_tx is the Title of the dialog window that opens up on the user's screen. in_fileName_tx is the default file name you want to give the downloaded file.
So with that information in mind, let me answer your questions:
You can put them to the database or to the file system.
Yes. As you can see in both API's (api_datasource.download and api_application.fileDownload) the developer can dynamically change the content of the download.
This totally depends on your implementation not to Formspider. :-). If you place the files in the database, then things should be pretty much secure unless you make a mistake that I cannot think of right now. If you place you files to the file system, then you should not place them in a publicly accessible folder. You should write a servlet that serves the files after validating the request. An easy way to achieve this is to create hard-to guess temporary access tokens that you can validate before allowing the download to start. So the download link you generate would be something like http://www.mydomain.com/downloads/download.jsp?accessToken=gjtudjsi . Your servlet would validate the accessToken gjtudjsi against the list of valid tokens. If valid it would remove the token from the list and start the download.
The files are uploaded to the database. From there you can do whatever you want with the file. The Tutorial above explains it all.
As shown in Tutorial 15, once the upload finished you can do whatever you choose to do with the downloaded file.
Yes but this has nothing to do with FS. It's just a feature of the application server you use.
Hope this helps.
Kind Regards, Yalim