I've been experimenting with the acts_as_attachment plugin and I've
been pretty happy with it except for one thing.
By default AAA puts the attached files into 'public/files', which is
generally world readable. It is possible to bypass any security and
download files directly from that directory if you know the filename.
For my particular needs, I need to ensure that specific files are only
downloaded by authenticated users. Preferably only those with
sufficient permission to access a particular file.
Does anyone have any suggestions for ways to secure uploaded files?