Hi, i am desperately seeking for a solution or at least a hint, for preventing non-authorized users of my social network app to access images, uploaded from registered users, without authentication.
I already found the HTTP-REFERRER approach - but as commonly known, this wont work in situations, where the referrer information is blank.... So it's not only a bandwidth-stealing thing, but also a privacy issue, since the users upload images and expect, that no one excepting the own network of friends can see them. I can imagine to use mod_rewrite to call a ruby controller for each website resource and to then check, if the request has at least a session from my app. But wont that kill the performance of the server, when each acces is beeing processe by a ruby script instead of getting it as a file ? Any help is appreciated ! Cheers martin --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
