i'm trying to debug something (file_column plugin) which makes use of
RAILS_ROOT to determine a root storage path

  root_path = File::join RAILS_ROOT, "public"

that's well enough - but this same path is used throughout the code to
generate urls for files under root_path.  my understanding of RAILS_ROOT and
the "public" subdir is that one should never be generating links from outside
of "public" in this way since it subverts security at minimum and, at maximum,
is broken since a url relative to RAILS_ROOT is not guaranteed to be visible
since RAILS_ROOT is a file_system concept and is not in url space.

is this correct?

-a
--
===============================================================================
| ara [dot] t [dot] howard [at] noaa [dot] gov
| all happiness comes from the desire for others to be happy.  all misery
| comes from the desire for oneself to be happy.
| -- bodhicaryavatara
===============================================================================

_______________________________________________
Rails-core mailing list
Rails-core@lists.rubyonrails.org
http://lists.rubyonrails.org/mailman/listinfo/rails-core
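
The distinction the question draws between filesystem paths and URL space, as an added example that is not part of the original post and is not file_column's code. The helper name `public_url_path`, the error class and the sample paths under `/srv/app` are assumptions made for illustration; the sketch derives a URL only from a path's position relative to `public` and refuses anything that resolves outside it.

```ruby
require "pathname"
require "erb"

class OutsidePublicError < ArgumentError; end

# Hypothetical helper, not file_column's API. Maps a file's filesystem path to
# a URL path, treating <rails_root>/public as the only directory that has a
# counterpart in URL space.
def public_url_path(rails_root, file_path)
  public_root = Pathname.new(File.expand_path("public", rails_root))
  # expand_path resolves "." and ".." lexically, so "public/../config/x" is
  # judged by where it points, not by its prefix. It does not follow symlinks;
  # File.realpath would be needed for that, and only works on existing files.
  target = Pathname.new(File.expand_path(file_path, rails_root))

  # Comparing path components (not string prefixes) keeps a sibling such as
  # "public_html" from being mistaken for "public".
  rel = target.relative_path_from(public_root).to_s
  if rel == ".." || rel.start_with?("../")
    raise OutsidePublicError, "#{target} is outside #{public_root}"
  end
  return "/" if rel == "."

  # Percent-encode each segment so the result is a valid URL path.
  "/" + rel.split("/").map { |seg| ERB::Util.url_encode(seg) }.join("/")
end

if __FILE__ == $PROGRAM_NAME
  root = "/srv/app" # constructed sample root
  # Constructed sample paths: two under public, two that resolve outside it.
  samples = [
    "/srv/app/public/entry/image/42/pic one.png",
    "public/entry/a.png",
    "public/../config/database.yml",
    "/srv/app/public_html/x.png",
  ]
  samples.each do |path|
    begin
      puts "#{path} -> #{public_url_path(root, path)}"
    rescue OutsidePublicError => e
      puts "#{path} -> refused (#{e.message})"
    end
  end
end
```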
