I am using attachment_foo for sharing files between users. Everything
works fine but I am worry about the security.
All files are stored in the public rails folder so any browser can
easily access these files!!
I know that the folder path is specific but probably I could write a
simple script that could find some common file names.
Guys, did you think about that during development?
Is there any way to serve files by rails app. So that I could avoid
storing files in public directory?
I am using attachment_foo for sharing files between users. Everything
works fine but I am worry about the security.
All files are stored in the public rails folder so any browser can
easily access these files!!
I know that the folder path is specific but probably I could write a
simple script that could find some common file names.
Guys, did you think about that during development?
Use X-sendfile, X-Accel-redirect or generate hard to guess filenames
(ie /1ea39e7eacd783eda093223aebdcdf234/myfile)