Gavin Morrice wrote: [...] > send_file isn't appropriate here ( as far as I'm aware ).
Why not? It sounds like exactly what you want -- a way to send an arbitrary file that isn't in the public directory. > > Suppose my profile image is located at "images/3.jpg". I want to > prevent users from then visiting "images/4.jpg" and checking out > pictures they don't have access to. Then don't put the images in the public directory. The public directory is, well, public. > > So far, encypting the image name seems to be the only solution. > > ie- "images/8dfa7dg6g82h9dhn9njn23knjkknsdf9.jpg" > > Making it a little more difficult to 'guess' the picture url. This could work too. Best, -- Marnen Laibow-Koser http://www.marnen.org [email protected] -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
