I am currently working on a Vue JS + Vuetify + Axios + Laravel architecture where I am making a dashboard. Currently I am working on the user profile where they can upload a picture for their avatar but also can upload their business licence (via a different uploader). User need to be able to modify update those documents later on. What is the best strategy to implement this requirement nicely and with proper security ? Store the files in a private area of Laravel or a public one after renaming it with a random + user name? Store the file as a blob in mysql directly and retrieving ? Store the path of the file in mysql only while storing the file in a public/private folder under Laravel tree ? For authentication I plan to use jwt and websanova.
1 Answer
Where you store the avatar depends on where it needs to be displayed. Will it be shown only to that user? Other logged in users? Non-authenticated users?
Regarding the user's business licence, I would store that in a folder that's not publicly accessible and access it via an API endpoint. This way you can implement the necessary security rules via your Laravel controller.
Generally speaking, I'd avoid storing files in a DB. You're bloating the size of the DB, which impacts on doing backups/restores, among other things. Having files stored on the file system also makes it easier to move to cloud storage (such as Amazon S3) at some point, if you need to scale your app.
1 Comment
user92481
the avatar will be used only to logged users