Hi all. Here's the situation. I'm redeveloping the site I maintain, and I'm going to need to take full advantage of PHP through either the creation and modification of dynamically generated files, or I'm going to have to place and deal with all such content in a PostgreSQL db.
So what I'm wondering is which situation would be most effective: to give the user php runs as write access to one directory and then deal with all my dynamic content in that directory, or to store all such content in a database, and allow users to access the content via the db (which would in my opinion result in a more secure CMS).
My initial thoughts would be that a database solution would be best, but since the content which will be stored in the database will also need to be displayed throughout different sections of the site, would this potentially create an issue whereby with almost every single page on the site a db call would be issued? Would there be any negative aspects to this situation?
The negative that I could see for the dynamic file solution would be that a potentially malicious user might be able to easily exploit the fact that permissions on said directory were open to the world. However, I'm very new to the server admin side of things (and am not actually admining the server) so I could (prolly am) way off base here.
Does anyone have any thoughts they'd like to contribute to this?
Thanks in advance for all thoughts presented.
Cheers,
Pablo
