Attachment foo - files security

Hi,

I am using attachment_foo for sharing files between users. Everything
works fine, but I am worried about the security.

All files are stored in the public rails folder so any browser can
easily access these files!!
I know that the folder path is specific but probably I could write a
simple script that could find some common file names.

Guys, did you think about that during development?

Is there any way to serve files through the Rails app, so that I could avoid
storing files in the public directory?

Is a database a good idea? Is it an efficient way?

Thank you.

Use X-Sendfile, X-Accel-Redirect or generate hard-to-guess filenames
(i.e. /1ea39e7eacd783eda093223aebdcdf234/myfile)

Fred
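
Both suggestions from the reply above, as an added Ruby example that is not part of the thread or of the plugin's own code: the app checks who is asking, then returns only a header that tells the web server which file to send from a directory outside public/. The storage path, the `/protected/` nginx location, the sample records and the function names are assumptions made for illustration.

```ruby
require "securerandom"
require "pathname"

# Assumption: uploads are stored outside public/, under this directory.
STORAGE_ROOT = Pathname.new("/var/app/private_uploads")

# Constructed sample records standing in for the attachments table.
ATTACHMENTS = {
  1 => { stored_as: "2009/report.pdf", filename: "report.pdf", allowed_user_ids: [10, 11] },
  2 => { stored_as: "../../etc/passwd", filename: "x", allowed_user_ids: [10] } # corrupted row
}.freeze

# Hard-to-guess directory name for a new upload (128 random bits, hex encoded).
def random_storage_dir
  SecureRandom.hex(16)
end

# Authorize in the app, then hand the transfer to the web server.
# Returns a Rack-style [status, headers, body] triple with an empty body.
def download_response(attachment_id, user_id, server: :apache)
  att = ATTACHMENTS[attachment_id]
  return [404, {}, []] unless att
  return [403, {}, []] unless att[:allowed_user_ids].include?(user_id)

  path = (STORAGE_ROOT + att[:stored_as]).cleanpath
  # Never let a stored name resolve outside the storage root.
  return [400, {}, []] unless path.to_s.start_with?("#{STORAGE_ROOT}/")

  headers = {
    "Content-Type" => "application/octet-stream",
    "Content-Disposition" => %(attachment; filename="#{att[:filename]}")
  }
  if server == :nginx
    # nginx expects an internal URI; "/protected/" is an assumed `internal`
    # location aliased to STORAGE_ROOT.
    headers["X-Accel-Redirect"] = "/protected/#{path.relative_path_from(STORAGE_ROOT)}"
  else
    # mod_xsendfile (Apache) and lighttpd expect a filesystem path.
    headers["X-Sendfile"] = path.to_s
  end
  [200, headers, []]
end
```

A random directory name on its own only makes the URL hard to guess; anyone who obtains the link can still fetch the file, which is why the header-based route keeps the authorization check in the app.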