Sorry, by "still allow access" I simply meant that I could still refer to the images in my HTML. ( <img src='/images/pic.jpg'> )
send_file isn't appropriate here ( as far as I'm aware ). Suppose my profile image is located at "images/3.jpg". I want to prevent users from then visiting "images/4.jpg" and checking out pictures they don't have access to. So far, encypting the image name seems to be the only solution. ie- "images/8dfa7dg6g82h9dhn9njn23knjkknsdf9.jpg" Making it a little more difficult to 'guess' the picture url. Anybody know of a better way to handle this? Gavin On Jul 3, 1:45 pm, Andrew Timberlake <[email protected]> wrote: > On Fri, Jul 3, 2009 at 12:40 PM, Gavin<[email protected]> wrote: > > > Hey all! > > > Im building an app at the moment in which users can upload images of > > themselves. > > > The problem is, because these images are stored in the public > > directory they are open to the public. > > > How can I protect these images but still allow access to them in my > > views? > > > thanks > > > Gavin > > You'll need to explain protect but still allow access. > You could store them in another directory and then use send_file to > send the file after some form of authentication. > You can also do this with nginx (better scalability) via the method I > explain on my blog > athttp://ramblingsonrails.com/how-to-protect-downloads-but-still-have-n... > A similar method exists for Apache. > > Andrew Timberlakehttp://ramblingsonrails.com > > http://MyMvelope.com- The SIMPLE way to manage your savings --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
