attachment_fu and protecting files from download

I successfully installed attachment_fu but I still have one question:

How can I protect my uploaded files from being downloaded like

  http://127.0.0.1:3000/images/galleries/0000/0001/1.jpg

I only want logged-in users to download images.

Thanx.

jochen kaechelin wrote:

I successfully installed attachment_fu but I still have one question:

How can I protect my uploaded files from being downloaded like

  http://127.0.0.1:3000/images/galleries/0000/0001/1.jpg

I only want logged-in users to download images.

Thanx.

This has been asked a few times in the past (though I don't have links handy) but basically:

1. You'll need to save files to a non-public directory (I've done this with file_column but I expect it's possible also with attachment_fu)
2. Add a controller action that will use send_file to send the file to the browser
3. Add a before_filter to make sure that the user is logged in.

Cheers, Mohit. 7/11/2007 | 12:13 AM.
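
The three steps in the reply above, sketched in plain Ruby as an added example (not code from the thread or from attachment_fu). It shows the check a download action needs before handing a path to Rails: the login gate plus confinement of the requested name to the non-public storage root. `ProtectedStore`, `DownloadDenied`, `session[:user_id]` and the sample directory layout are assumptions made for illustration.

```ruby
require "pathname"
require "tmpdir"
require "fileutils"

# All names here (ProtectedStore, DownloadDenied, session[:user_id]) are hypothetical.
class DownloadDenied < StandardError; end

class ProtectedStore
  def initialize(root)
    # Step 1: the storage root is a directory outside the app's public/ tree.
    @root = Pathname.new(root).realpath
  end

  # Returns the absolute path that is safe to serve, or raises DownloadDenied.
  # A controller action would pass the result to send_file (step 2).
  def resolve(session, relative_path)
    # Step 3: the check a login before_filter performs.
    raise DownloadDenied, "login required" unless session[:user_id]
    begin
      # realpath collapses "../" and follows symlinks before the containment test.
      real = @root.join(relative_path.to_s).realpath
    rescue SystemCallError, ArgumentError # missing file, or NUL byte in the name
      raise DownloadDenied, "not found"
    end
    inside = real.to_s.start_with?(@root.to_s + File::SEPARATOR)
    raise DownloadDenied, "outside storage root" unless inside && real.file?
    real.to_s
  end

  def denied?(session, relative_path)
    resolve(session, relative_path)
    false
  rescue DownloadDenied
    true
  end
end

# Constructed sample layout: <tmp>/storage holds uploads, <tmp>/database.yml is a
# file that must never be reachable through the download action.
def build_sample_store
  base = File.realpath(Dir.mktmpdir("protected_dl"))
  root = File.join(base, "storage")
  FileUtils.mkdir_p(File.join(root, "galleries/0000/0001"))
  File.write(File.join(root, "galleries/0000/0001/1.jpg"), "constructed image bytes")
  File.write(File.join(base, "database.yml"), "constructed secret")
  [ProtectedStore.new(root), root]
end
```

Moving the files out of public/ only helps if the action that replaces the direct URL refuses names that resolve outside the storage root; otherwise the download action itself becomes a way to read arbitrary files.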

google for "protected download" or "secure download" or authenticated, etc

http://www.bencurtis.com/archives/2006/11/serving-protected-downloads-with-rails/
http://robertrevans.com/article/files-outside-public-directory
http://www.rorsecurity.info/2007/03/27/working-with-files-in-rails/

You might also be interested in this discussion:

http://groups.google.com/group/WellRailed/browse_thread/thread/b2b925ea74a605df/

Cheers,

Walter

Correction. send_data and not send_file.

-Pratik

Pratik wrote:

Correction. send_data and not send_file.

-Pratik

Thanks! Of course, that's what I meant :P

Cheers, Mohit. 7/11/2007 | 12:28 PM.