urnotsam urnotsam - 22 days ago 5x
PHP Question

User image uploading

I am currently developing a web app. In a few places I allow users to upload images for various reasons. Now that the site is live (hosted on GoDaddy) I can't seem to figure out the best place to put the images that are being uploaded. I do have an external server which runs my database, but it is not set up for FTP so I can't easily use my PHP backend to upload them and retrieve them. To me it does not seem like a good idea to store them directly on GoDaddy either.

Should I create an FTP server to do this? or are there better options.


If you want to store the images on a remote system, then you indeed do need some way to transfer them. Specifically that means you need to setup and operate a server and you need to use a client to trigger the actual transfers. This limits your possible choices to those client implementations available on your wen hosting platform.

FTP is such a protocol, to use it you would obviously need a FTP server. However the issue with FTP is that it is a dinosaur from an area long gone. It is a left over from the 1970th. Totally outdated. It was designed for a network topology that had completely different challenges than todays internet. And indeed it does create a lot of issues. First, it does not encrypt the transferred data. That is a huge privacy issue, obviously. There are indeed versions these days that offer encryption. However that protocol variant, called FTPS, only encrypts the communication channel, whilst all other channels, all those used to transfer the actual files, stay not encrypted. The second big issue with that protocol is that it requires quite some effort for the firewall setup. It opens a separate network connection for each transfer which is inefficient. Separate ports are expected to be open towards the internet. A nightmare for firewall administrators. And it might even be that the protocol cannot be used in some situations, for example it is nearly impossible to use FTP in combination with port forwarding scenarios. That is why FTP is not really a good choice for what you plan in my eyes. Though indeed it still is in wide spread use these days.

An immediate alternative is the "modern drop in replacement", the SFTP protocol. Though called similar and indeed serving exactly the same purpose, it is a completely separate protocol from a technical point of view. It operates based on the secure shell protocol (SSH) for which servers are also wide spread and proven. It offers strong encryption, offers means for all activities required for the task at hand and is much easier to configure with look on the network setup. All traffic, so control and payload traffic is sent though a single network connection. Most implementations are developed as Open Source project with all the benefits in security and fast reaction on potential issues that come up. Another plus: it allows authentication based on asymmetric key pairs instead of passwords which further raises the security. This protocol is my personal choice. Also because you need to operate an ssh server anyway to manage your systems. This keeps the footprint small ;-)

There are further alternatives like WEBDAVS for example. But they are less well known, less easy to setup. Which is why I would recommend against such experiments, except if there are very specific reasons.

A last option are network shares. That allows to treat file transfer between systems like local file operations which obviously is a big plus. Such connections can be encrypted, but are not really designed for long distance communication. So this depends a bit on your specific situation. Typical choices here would be NFS or SMB/CIFS (Samba). Probably also some newer "distributed file systems" might be usable. But I cannot say much about those due to lack of personal experience ;-) The biggest issue I see with this option is that it requires privileged access to the client system (so your web hosting platform), since you have to mount the share into the local file system, be it on system or on user level. This typically is not possible in cheap web hosting scenarios.