Forum Moderators: open
As we know, we be able to save our images to database by saving their binary data or image path. If we save the binary data we needn't to save the images in image folder. I'm curious to know, which is the best practise?
By saving their binary data, when retrieve the image, I must use the content type Response.ContentType = "image/jpeg" , due to this, the page that I use to display the image can't be use to display their Description as well such as image name and details of the image.
I use this method (OLE object) is because we don't want to create a writable folder for saving the images. (the images are uploaded by users) .
1.) I want to know Due to I allow users to upload images/files into my web-site, so I have to set a folder which name uploadfile to be writable. But, my concern is would it be a problem? I mean security problem. As we know that window 2000k has provided a lot of folder's permission such as Folder Full Control, Modify, Read & Execute, List Folder Contents, Read, and Write. Until what limit our web-site should be exposed so that it won't get hacked?
2.) How do most of them did when they allow user to upload files into their web-site, like geocities (photos), jobstreet(resume).
I did read the article from stardeveloper.com, but I can't get the answer I want.
