I am just playing around and trying to make a very simple CMS. Right now I what I do right now is I use "FtpWebRequest" to get the file that they want to change around and stick it into a jquery plugin call html area(rich html editor).
Now I am wondering how could I allow them to add images that are not already hosted? Ie not on imageshack or something.
I am guessing I need to somehow upload the file and then store it somewhere but not sure how to do all that.
Thanks
A common approach for CMS systems that need to work in low-trust environments (like shared hosting) is to use the FileUpload control, and save the uploaded file as a binary (BLOB) in a database. This avoids dealing with the headache of disk access rights on the web server.
If you're using SQL Server, here's a great article on the database side of things (storing images as BLOBs).
The .NET side of things is pretty straightforward. The FileUpload.PostedFile property has all the information about the uploaded file, including a byte stream of its data.
Related
I'm encrypting and decrypting images because they contain sensitive information.
My struggle here is that I cant do the standard Process.Start(saveImagePath); because the of the encryption.
So far my solution is to just make a Windows Form that opens it in PictureBox because it doesn't require a path and I can just do this:
newImage = enc.Decrypt();
pictureBox1.Image =newImage;
But it's been a struggle trying to simulate Windows Photo Viewer.
My question is, can I open an image with just the image newImage = enc.Decrypt(); without the path in Windows Photo Viewer (or any other similar software), or am I doomed to try and replicate a Photo Viewer program?
Let me start by saying that if the images information is highly sensitive, then there is no way to display it to the user and ensure its security 100%. Even with a memory stream, one can make a memory dump and access the sensitive info. That's not trivial, but doable.
Now that's out of the way, Windows processes cannot directly access each other's memory without going through privileged debug-like API functions like ReadProcessMemory. This is what keeps Windows stable and secure, but makes what you are trying to accomplish not doable. You have to use a file.
Others suggested saving the file in the Windows Temporary folder. That's not any more secure than saving it in any other folder like you're doing. A little more secure way is to create a RAM-Disk, save the files there, display them, and then remove the RAM-Disk.
The RAM-Disk is an in-memory simulation of a hard-disk and you can access it in the same way with a drive letter. Creating and then removing a RAM-Disk isn't a trivial task, and it only offers a little more security, but you're the only one who can decide whether it is worth it. The user can still see and access the files on the RAM-Disk, but only before it is removed. So the only added security it offers is reducing the window during which the user can directly access the files.
Opening the images in your own app like you're doing is still the most secure way, as the only way to extract those files is by making a memory dump, and that's really hard with images (it's easier with text). You can search for some library if you don't want to code it all by yourself.
I have a media centric website that requires us to upload large images, videos to the media library.
I have the default settings for the following settings in web.config.
Media.MaxSizeInDatabase (20MB)
httpRuntime maxRequestLength
I do not want to increase MaxSizeInDatabase limit on the production server for security reasons.
Also, Media.UploadAsFiles is set to false.
So, my question is - Is there a way to configure sitecore such that if the file being uploaded is less than 20MB, it gets stored in the database and the files larger than 20MB get stored on the file system?
As Martijn says, there is nothing built in to automatically detect this, but if you know that the file is going to be large (or the upload fails due to the large size) then you can manually "force it" to save to file on a per upload basis.
You need to use the Advanced Upload option and select the "Upload as Files" option.
EDIT: If you are able to use YouTube then consider the following modules with nicely/tightly integrated with Sitecore. There are a couple of others ways of achieving the same thing for different providers.
YouTube Integration
YouTube Uploader
No, not that I know of. At least not automatically. Uploaded files are either stored in the DB or on the filesystem, based on your setting.
You might want to create an override upload method which could automatically handle this for you or use the manual checkbox in the Advanced Media Upload method as Jammykam says.
Recently I was approached to develop an application (asp.net/c#) to allow users to listen some audio files stored in some shared folders.
The users didn't have access to the shared folders, and the files should be streamed. Also, the page should provide the play/stop/pause/forward/back functions, as well as time elapsed/total time information.
So I setup a webservice that access the required file, and return a Byte[] containing the mp3/wav audio (actually I have to convert them to the desired mp3/wav format prior to returning the Byte[]).
The problem is that I have no idea on how to present it in the webpage.
What i need is a webpage with some control that provides the necessary functionalities and information, loaded from a Byte[].
I've researched the web and tried a lot of snippets and controls with no luck at all.
Any ideas or directions on how to implement it?
Thanks in Advance,
António
You could use HTML5's audio tag, if you expect your users to be using fairly recent browser versions. You'd set the src to a URL that would be set up to write your byte[] to the response stream (e.g. maybe store the byte[] in Session, make an .ashx handler page to return that, and set src="myHandler.ashx").
A good approach would be to use silverlight or flash player, even a java applet.
I'm on charge of building an ASP.NET MVC Document Management System. It have to be able to do basic document management tasks like adding, editing and searching entries and also perform versioning.
Anyways, I'm targeting PDF, Office and many image formats as the file attached to each document entry in the database. My question is: What design guidelines do pros follow when building the storage mechanism? Do they store the document files in the file system? Database? How file uploading is handled?
I used to upload the files to a temporal location while the user was editing the data and move it to permanent storage when the user confirmed the entry creation. Is this good? Any suggestions on improvement?
Files should generally be stored on a filesystem, rather than a database.
You will, however, have to consider some other things:
Are you planning on ever supporting load-balancing, replication, etc for your system?
If so, you'll need to support saving / loading files from a network location of some sort.
This can be trickier than you may imagine.
Are you planning to secure access to the files?
If so, you'll need to ensure they can't be read by someone who happens to know the URL.
eg: by returning the file as an attachment to a request.
This also prevents user-provided files being executed on your server - eg someone uploading an .aspx or .exe file and then accessing it.
Without getting into a large debate as to the merits of doing so, can some one provide direction as to using a VSTO Application Level AddIn (Word 2007) to oepn a MS Word Document from either a database or a web service?
Thank you
Jacob,
Are you suggesting
PC/AddIn Queries Server for a Document
Server returns document to PC/AddIn
PC/AddIn saves document locally (as temp file)
PC/AddIn uses word Open document functionality to open the file locally
Then
PC/AddIn Save these file locally
PC/AddIn Uploads the file back to the server
That doesn't sound quite so hard... In fact it is the type of solution that has a level of simplicity that makes writing / debugging easy.
What advantage does one have using the above methodology as oppoased to WebDAV? Apparently webDav is what alfresco uses...
Another question though, Does word not have the functionality to open documents from a stream in its API?
T
As Jacob noted, you could save the blob as a tmp file, and then open it in the normal way. This is the easiest, though if you need to write the edits back, you'll also need to think about locking.
If you need to worry about those things, WebDAV starts to look more interesting. You could open via WebDAV if you can make your server-side support this, and let Word do the rest (although the document may be read only, depending on client config and server).
Finally, if it is a docx, you could avoid the tmp file, by inserting a Flat OPC version into a new Word using InsertXML. This is a bit more complicated (since you have to make the Flat OPC XML, though there is code for this in an MSDN blog post somewhere), but if you find yourself using InsertXML for other reasons, this might be attractive.