attachement_fu and protecting files from download

I successfully installed attachement_fu but I still
have one question:

How can I protect my uploaded files from being downloaded like

  http://127.0.0.1:3000/images/galleries/0000/0001/1.jpg

I only what logged in users to download images?

Thanx.

jochen kaechelin wrote:

I successfully installed attachement_fu but I still
have one question:

How can I protect my uploaded files from being downloaded like

  http://127.0.0.1:3000/images/galleries/0000/0001/1.jpg

I only what logged in users to download images?

Thanx.

This has been asked a few times in the past (though I don't have links handy) but basically:
1. You'll need to save files to a non-public directory (I've done this with file_column but I expect it's possible also with attachment_fu)
2. Add a controller action that will use send_file to send the file to the browser
3. Add a before_filter to make sure that the user is logged in.

Cheers,
Mohit.
7/11/2007 | 12:13 AM.

google for "protected download" or "secure download" or authenticated,
etc

http://www.bencurtis.com/archives/2006/11/serving-protected-downloads-with-rails/
http://robertrevans.com/article/files-outside-public-directory
http://www.rorsecurity.info/2007/03/27/working-with-files-in-rails/

You might also be interested in this discussion:

http://groups.google.com/group/WellRailed/browse_thread/thread/b2b925ea74a605df/

Cheers,

Walter

Correction. send_data and not send_file.

-Pratik

Pratik wrote:

Correction. send_data and not send_file.

-Pratik
  
Thanks! Of course, that's what I meant :stuck_out_tongue:

Cheers,
Mohit.
7/11/2007 | 12:28 PM.