Koloa Poipu [2008-02-27 18:20]:
the web server, say apache will be the one responsible for
serving images. so after i authenticate a user and check if the
user has permission to view a certain view, the view action will
be called with a url that contains timestamp, secret string,
etc., which apache will compute to see whether or not to serve the

exactly. your application generates a URL to your resource which
apache will check for validity. only then will apache serve that
resource to the user. hence, your application controls whether to
allow the user access to the resource or not.

What is the purpose of the timestamp?

the timestamp makes the URL only valid for a certain time. if the
user saves the previously received URL to get access to the resource
again at a later time, the timestamp prevents a successful "stealing".

i suggest you just try Apache Secure Download and see if it
suits your needs. if i can help you make it work, just let me know.
(it's available as a gem from rubyforge -- sudo gem install
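
The scheme discussed in this thread, sketched as an added example that is not part of the original messages and is not Apache Secure Download's own URL format or code: the application signs the resource path together with an expiry timestamp using a shared secret, and the serving side recomputes the signature before serving. The parameter names `expires` and `sig`, the HMAC-SHA256 construction, the secret and the helper names are all assumptions made for illustration.

```ruby
require "openssl"

# Assumption: a secret shared by the application and the verifying server.
# Constructed demo value; a real one is long, random and kept out of the code.
SECRET = "constructed-demo-secret"

# HMAC over path and expiry, so neither can be changed without the secret.
def sign(path, expires)
  OpenSSL::HMAC.hexdigest("SHA256", SECRET, "#{path}\n#{expires}")
end

# Application side: called after the user has been authenticated and authorized.
def signed_url(path, now: Time.now.to_i, ttl: 60)
  expires = now + ttl
  "#{path}?expires=#{expires}&sig=#{sign(path, expires)}"
end

# Comparison that does not stop at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Serving side: returns :ok only for an unmodified, unexpired URL.
def verify(url, now: Time.now.to_i)
  path, query = url.split("?", 2)
  return :malformed unless query
  params = {}
  query.split("&").each do |pair|
    key, value = pair.split("=", 2)
    params[key] = value.to_s
  end
  expires = params["expires"].to_s
  sig = params["sig"].to_s
  return :malformed unless /\A\d+\z/.match?(expires) && /\A\h{64}\z/.match?(sig)
  # Check the signature first: an unsigned expiry value cannot be trusted.
  return :bad_signature unless secure_compare(sig, sign(path, expires))
  return :expired if now > expires.to_i
  :ok
end
```

Because the expiry is covered by the signature, a saved URL stops working once the window closes, and editing the timestamp or the path invalidates the signature.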