I've heard bad things about storing files in DBs. I am biased against it naturally. I've done some research and I think I might just store the file in an encrypted format, and unencrypt it if needed.
>SQL Server database? Just serialize them ( with encryption if you like ) and store as a bitstream in a varbinary(max) column
>
>
>>I have a large ASP.NET application running on Windows 2003 web server. Parts of the system serve up static files (pdfs, csv, excel, etc) that contain sensitive data. The files are created by certain processes in the system, are uploaded by users and administrators, and are obtained by some integrations with other systems.
>>
>>Where is the best (most secure, practical) place to store these file. I have been storing them outside of IIS and using .NET code to serve up the file when needed. This has been working fairly well but users have posed concerns about security of these sensitive files, since they are stored on a web server.
>>
>>It has been suggested to store them in the database, but I would rather not do that.
>>
>>Any ideas out there? Thanks!