There are a couple of ways you can do this.
1) You can implement upload of images or other documents using PHP. (See http://php.net/manual/en/features.file-upload.php for the instructions on handling file uploads.) Advantages: You can control exactly where the files go; you can code the site exactly the way you want it; you can implement security on the files exactly as you want it implemented. Disadvantages: You have to code the site to do all of that.
2) You can use SuperContainer from 360Works (http://360works.com/supercontainer/) in your database instead of native container fields. Advantages: Still get the ability to upload files; much simpler to code; files are still web-accessible. Disadvantages: It's IWP, so your control over things is limited (as is your feature set); depending on your environment, your IT staff may squeal about "vulnerabilities" in IWP (depends on what vulnerability scanning software they're using and how rigid they are about interpreting the results).
There is a third way which I have used with great success, but requires that FMS is hosted on OS X.
Use External Open storage and locate the folder where the conatainer field are stored.
Look up "Symbolic Link UNIX" in Google and create symblic link to the container folder, that link file to be locted inside your web root folder. It looks and talks like an Alias in OSX, but actually is something different, and requires a termnal command to create.
Then a URL directed to a container file via that link will serve up that file in a browser, from anywhere.
I am told that Windows does not supprot Symbolic links though.
The above does not solve th problem the documents preblem of editing. That cold be solved perhaps by set up a an ftp account on the server that pointsto the Symbolic Link: that could be used also to download and upload files. If you don't chnage the file name, FM should not mind, but the FMS backup may not back the file up. You would need to edit the enclosing record somehow so FM sees it as changed.
FMS will mind, very much. Any change to the file will result in FMS recognizing the file has been tampered with and the file will no longer be available.
If you want the user to edit a document then do it securely. Check it out to the user, creating a local copy, and let them edit it. Then have them check it back in, import into a temporary container, and have an administrator validate file acceptance (do at least a Virus check) and move to primary storage.
I know people have for some time allowed end users to update 'live' files but in these days of virus and trojans that is not an acceptable security risk. Its amazing how many files we get uploaded that do not pass a simple virus check. It is unacceptable to store files in our FMP DBs that contain viruses that could then be disseminated to our end users.
The suggested workflow makes sense but what if clients don't have such an administrator. Are you suggesting that everytime a document gets updated, added that a virus check be done? Is there a way to get FileMaker to initiate this? Or can you use setting in your virus protection software to run this scan when a document is saved?
I appreciate your concerns but am curious how to implement this so that it is seamless to the user and doesn't require adding steps to the workflow.
How are folks adding this functionality?