I think the safest way is to store images outside your public directory for storing images. Then create a (controller and) action to retrieve images using send_data. For example:

    @person = Person.find(params[:id])
    # Read the file in binary mode and send its bytes; send_data expects a string, not a File object.
    File.open(@person.picture, "rb") do |image|
      # Send only the base name so the server-side path is not exposed to the client.
      send_data image.read, :filename => File.basename(@person.picture), :type => "image/jpeg"
    end

You could add a before filter to check if the user is authorized. Also, when uploading a file you should store its content type somewhere in the database.

On Jan 10, 4:15 pm, sunstalker <[email protected]> wrote:
> Hi,
>
> I am desperately seeking for a solution or at least a hint, for
> preventing non-authorized users of my social network app to access
> images, uploaded from registered users, without authentication.
>
> I already found the HTTP-REFERRER approach - but as commonly known,
> this won't work in situations, where the referrer information is
> blank....
>
> So it's not only a bandwidth-stealing thing, but also a privacy issue,
> since the users upload images and expect, that no one excepting the
> own network of friends can see them.
>
> I can imagine to use mod_rewrite to call a ruby controller for each
> website resource and to then check, if the request has at least a
> session from my app. But won't that kill the performance of the server,
> when each access is being processed by a ruby script instead of getting
> it as a file ?
>
> Any help is appreciated !
>
> Cheers
>
> martin
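
The approach in the reply above, as an added plain-Ruby example that is not part of the original thread: authorize the viewer, confine the file to a storage directory outside the public tree, and serve the content type recorded at upload. The `Picture` struct, `fetch_picture`, `friend_ids` and `stored_name` are hypothetical names; in a Rails action the returned bytes and headers would be passed to `send_data`.

```ruby
require "pathname"
require "tmpdir"

# Hypothetical record standing in for the app's model (not from the thread).
# stored_name is assumed to be generated by the server at upload time.
Picture = Struct.new(:owner_id, :friend_ids, :stored_name, :content_type)
ALLOWED_TYPES = %w[image/jpeg image/png image/gif].freeze

class Forbidden < StandardError; end
class NotFound < StandardError; end

# Returns [bytes, headers] for an authorized viewer, otherwise raises.
# storage_root must be a directory outside the web server's public tree.
def fetch_picture(picture, viewer_id, storage_root)
  # Authorization first: only the owner or a member of the owner's network.
  allowed = viewer_id && (viewer_id == picture.owner_id ||
                          picture.friend_ids.include?(viewer_id))
  raise Forbidden, "viewer not in owner's network" unless allowed

  # Confine the stored name to the storage root (rejects ../ and symlink escapes).
  root = Pathname.new(storage_root).realpath
  path = root.join(picture.stored_name)
  raise NotFound, "no such file" unless path.file?
  real = path.realpath
  inside = real.to_s.start_with?(root.to_s + File::SEPARATOR)
  raise Forbidden, "path escapes storage root" unless inside

  # Serve only the content type recorded at upload, checked against an allow-list.
  raise Forbidden, "unexpected content type" unless ALLOWED_TYPES.include?(picture.content_type)

  headers = {
    "Content-Type" => picture.content_type,
    "Content-Disposition" => %(inline; filename="#{real.basename}"),
    "Cache-Control" => "private, no-store", # keep shared caches from storing it
    "X-Content-Type-Options" => "nosniff"
  }
  [real.binread, headers]
end

if $PROGRAM_NAME == __FILE__
  Dir.mktmpdir do |root| # constructed sample data
    File.binwrite(File.join(root, "a.jpg"), "JPEGDATA")
    pic = Picture.new(1, [2], "a.jpg", "image/jpeg")
    puts fetch_picture(pic, 2, root).last["Content-Type"]
    begin
      fetch_picture(pic, 3, root)
    rescue Forbidden => e
      puts "denied: #{e.message}"
    end
  end
end
```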

