I'm creating a web application (in Django), which needs to allow users to upload files (specifically images, which are later displayed for other users). I'm trying to understand the best way to store these uploaded files.
From related questions, I saw some people suggested giving the file a server-generated unique id, then creating a DB table which maps ids to original filenames.
Is this the best approach to storing user-uploaded files, from a security, efficiency or any other standpoint? What kind of information should I be storing about each file?
Are there any other best-practices involved with accepting user-uploaded files? (Other than making sure they're really images and checking their size, obviously)?
Edit: A little more info about what I need. I'm talking specifically about image files that users need to upload and embed in content they create. Imagine it like a StackOverflow answer (or a blog post): someone uploads a picture, which has to be stored and displayed whenever anyone else sees the answer.
Thanks,
Edan
Note: There are several related questions, but I haven't found one which asks for a comparison of ways to store user-uploaded files.
Your question is too broad to really be helpful; best approach will depend on your specific requirements. Nonetheless...
Programmers are constantly tempted to plonk files into the database. Resist. It just adds a layer of complexity to everything you try to do with them thereafter.
In my experience, whilst using a hashkey as the local filename was my preference, it didn't really work out because our files weren't restricted to images: the non-images need a filename to serve back to users, and the uploaders don't particularly like having their files radically renamed since it makes it impossible for them to know what file is what.
As for images there is some non-trivial work to do in rescaling to various sizes/thumbnails.
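The scheme discussed in the question and answers above (a server-generated name on disk, with the original filename kept only as metadata in a table), as an added example that is not part of the original posts. It uses only the Python standard library rather than Django; the table schema, the size limit and the function names are assumptions made for illustration.

```python
import sqlite3
import uuid
from pathlib import Path

MAX_BYTES = 5 * 1024 * 1024  # assumed size limit, not from the page
# Leading magic bytes -> extension the server assigns (the client's is ignored).
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}


def open_db(path=":memory:"):
    """Create the id -> original filename mapping table (hypothetical schema)."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS uploads ("
        "stored_name TEXT PRIMARY KEY, original_name TEXT NOT NULL, "
        "size INTEGER NOT NULL, uploader TEXT NOT NULL)"
    )
    return db


def store_upload(db, root, data, original_name, uploader):
    """Validate the bytes, store them under a server-generated name, return it."""
    if len(data) > MAX_BYTES:
        raise ValueError("file too large")
    # Cheap first check only; decoding with an image library is stricter.
    ext = next((e for m, e in MAGIC.items() if data.startswith(m)), None)
    if ext is None:
        raise ValueError("not a recognised image type")
    stored_name = uuid.uuid4().hex + "." + ext  # nothing client-supplied in the path
    with open(Path(root) / stored_name, "xb") as fh:  # "x": never overwrite
        fh.write(data)
    # The original name is display metadata only, passed as a bound parameter.
    db.execute(
        "INSERT INTO uploads VALUES (?, ?, ?, ?)",
        (stored_name, original_name, len(data), uploader),
    )
    db.commit()
    return stored_name


def original_name_for(db, stored_name):
    """Look up the name to show users for a stored file, or None."""
    row = db.execute(
        "SELECT original_name FROM uploads WHERE stored_name = ?", (stored_name,)
    ).fetchone()
    return row[0] if row else None
```

Because the on-disk name never contains anything the uploader typed, an original filename with path separators or a misleading extension stays inert metadata and still reads back unchanged for display.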