Martin - > > > On Jan 10, 4:15 pm, sunstalker <[email protected]> wrote: >> Hi, >> >> i am desperately seeking for a solution or at least a hint, for >> preventing non-authorized users of my social network app to access >> images, uploaded from registered users, without authentication. >> >> I already found the HTTP-REFERRER approach - but as commonly known, >> this wont work in situations, where the referrer information is >> blank.... >> >> So it's not only a bandwidth-stealing thing, but also a privacy >> issue, >> since the users upload images and expect, that no one excepting the >> own network of friends can see them. >> >> I can imagine to use mod_rewrite to call a ruby controller for each >> website resource and to then check, if the request has at least a >> session from my app. But wont that kill the performance of the >> server, >> when each acces is beeing processe by a ruby script instead of >> getting >> it as a file ? >> >> Any help is appreciated ! >> >> Cheers >> >> martin
I wouldn't wait til rails had your request - static (image,etc) file serving won't scale. You can likely find a better (ie. more performant) option in your proxy - apache, nginx. We serve all static files using nginx - you can likely wire up some checking there. Jodi --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
