we are developing an app for a company and their data has to be
private. There will be different stakeholders with different roles
accessing the application and there will be lots of attachments.
We are using paperclip to upload attachments, which are stored in the
filesystem within the public directory.
Right now, the image_tags are only rendered if you are logged in and
your role allows you to, but you can copy the URL and access the image
any time, even without logging in, because the images are served
directly and there is no controller involved. Also the URLs of images
are pretty simple like "APP_PATH/attachments/8/report.pdf" or
something like that, which makes it easy to guess other file URLs.
So, what can you do to protect people from accessing files they should
not? I have compiled a list of possible strategies we have thought
about or read about on the internet:
1. Generate random names for directories and put the files inside.
Regenerate the random directory names periodically, so attachments are
harder to hit by trying randomly and the URLs have an expiry date/
time. Seems a bit messy, IMHO.
2. Store attachments outside of public and serve them using a
controller and send_file. I think this works for download links but
what about embedding images?
3. Store attachments in DB? Similar to the previous, I guess you would
need a controller to serve the files.
Any suggestions? Any experiences, good or bad?
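Option 2 from the list (files outside public/, served through a controller), with the embedding question answered by the Content-Disposition header, as an added example that is not part of the original post: plain Ruby standing in for a Rails action, with ATTACHMENTS, seed_storage, attachment_path and serve_attachment as hypothetical names and a constructed record table. In a Rails view the image_tag would then point at the controller route (e.g. attachment_path(9)) rather than at a file under public/.

```ruby
require "pathname"
require "tmpdir"
require "fileutils"

# Constructed, hypothetical attachment records standing in for the DB rows;
# the allowed roles come from the application's own authorization layer.
ATTACHMENTS = {
  8 => { filename: "report.pdf", content_type: "application/pdf", roles: %w[admin auditor] },
  9 => { filename: "photo.png",  content_type: "image/png",       roles: %w[admin] },
}

# Resolve <root>/<id>/<filename> under a storage root that lives OUTSIDE public/
# and refuse anything that escapes it (defense in depth: the filename comes from
# our own record, but a future change could make it user-controlled).
def attachment_path(root, id, filename)
  base = Pathname.new(root).expand_path
  path = base.join(id.to_s, filename).expand_path
  raise ArgumentError, "path escapes storage root" unless path.to_s.start_with?(base.to_s + File::SEPARATOR)
  path
end

# Rack-style [status, headers, body]; in Rails the same checks would sit in an
# AttachmentsController#show action that ends in send_file.
def serve_attachment(root, current_user, id)
  return [401, {}, ["login required"]] if current_user.nil?
  record = ATTACHMENTS[id]
  # 404 for both "unknown id" and "not your role", so a logged-in user guessing
  # ids cannot learn which ones exist.
  return [404, {}, ["not found"]] if record.nil? || !record[:roles].include?(current_user[:role])
  path = attachment_path(root, id, record[:filename])
  return [404, {}, ["not found"]] unless path.file?
  headers = {
    "Content-Type"        => record[:content_type],
    # "inline" lets <img src="/attachments/9"> render; "attachment" would force a download
    "Content-Disposition" => %(inline; filename="#{record[:filename]}"),
    "Cache-Control"       => "private, no-store", # no cached copy survives logout
  }
  [200, headers, [path.binread]]
end

# Writes constructed sample files into a fresh private storage root (a temp
# dir here; in production a path outside public/) and returns that root.
def seed_storage(root = Dir.mktmpdir)
  ATTACHMENTS.each do |id, rec|
    FileUtils.mkdir_p(File.join(root, id.to_s))
    File.binwrite(File.join(root, id.to_s, rec[:filename]), "constructed #{rec[:filename]} bytes")
  end
  root
end
```

Because the web server never sees the storage root, copying the URL without a session yields the 401 branch instead of the file, and guessing another id as the wrong role yields 404.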