I have to generate roughly 18,000 PDFs that contain sensitive information. The PDFs will be served up through a web application to the end users. Obviously, some users need to see more reports than others. The two ways I’m thinking of serving up the PDFs are physically saving each PDF to a directory under the web application or storing the PDF in the database. The PDFs need to be viewable only by those authorized and I don’t want users to guess URLs to see other users’ information. But I’m a little hesitant to put this information in a database.
Is one way preferred over the other?
A PDF in the database is no more secure than a PDF on the disk when both are served through the same website, unless you’re allowing your web server to service the requests for the PDF just like any resource on disk, which, in your case, would be a bad idea.
I’ve worked on a project with similar requirements. Our documents are stored on disk (not accessible directly via URL in the website), and their locations and security information are stored in a database.
When a request comes in for a document, I determine if the user has rights to the document (queries to the database) and if so, I get the file location out and deliver the file directly over the response stream.
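The flow this answer describes, sketched as an added example (not code from the original post or its project): the table names, `DocumentDenied`, the use of SQLite and the sample files are all assumptions made for illustration. It returns the same error for "missing" and "not authorized" so that guessing ids reveals nothing, and it checks that the stored path stays inside the storage directory.

```python
import sqlite3
import tempfile
from pathlib import Path

class DocumentDenied(Exception):
    """Raised for both 'no such document' and 'not authorized', so the web
    layer can answer with one identical 404 and not reveal which ids exist."""

def build_demo(storage_root: Path) -> sqlite3.Connection:
    # Constructed sample data: two reports kept outside any web-served directory.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE documents (id INTEGER PRIMARY KEY, rel_path TEXT NOT NULL);
        CREATE TABLE document_acl (doc_id INTEGER, user_id TEXT,
                                   PRIMARY KEY (doc_id, user_id));
    """)
    for doc_id, name, users in [(1, "alice-q1.pdf", ["alice"]),
                                (2, "payroll.pdf", ["alice", "bob"])]:
        (storage_root / name).write_bytes(b"%PDF-1.4 constructed " + name.encode())
        conn.execute("INSERT INTO documents VALUES (?, ?)", (doc_id, name))
        conn.executemany("INSERT INTO document_acl VALUES (?, ?)",
                         [(doc_id, u) for u in users])
    return conn

def read_document(conn, storage_root: Path, user_id: str, doc_id: int) -> bytes:
    # One query answers "does it exist AND may this user see it".
    row = conn.execute(
        "SELECT d.rel_path FROM documents d "
        "JOIN document_acl a ON a.doc_id = d.id "
        "WHERE d.id = ? AND a.user_id = ?", (doc_id, user_id)).fetchone()
    if row is None:
        raise DocumentDenied(doc_id)
    # The location comes from the database, never from the request; still
    # confirm it resolves inside the storage root before opening it.
    root = storage_root.resolve()
    path = (root / row[0]).resolve()
    if root not in path.parents or not path.is_file():
        raise DocumentDenied(doc_id)
    return path.read_bytes()  # a web handler would stream this as application/pdf

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        db = build_demo(Path(tmp))
        print(read_document(db, Path(tmp), "bob", 2)[:8])
```

In a real handler, `user_id` must come from the authenticated session, not from a request parameter.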