Forum: Ruby on Rails How do you protect files in RoR

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- and Ruby-related community platforms.
Milan D. (Guest)
on 2009-03-27 17:45
I'm mostly interested in mp3 files. I'm supposed to build a music store
app. Where should you keep files (s3?). And what's more important how do
you protect other people from using the same link? I guess you have to
generate it dynamically. Is there any other solution or maybe any plugin
available?
Frederick C. (Guest)
on 2009-03-27 17:55
(Received via mailing list)
On Mar 27, 3:45 pm, Milan D. <removed_email_address@domain.invalid>
wrote:
> I'm mostly interested in mp3 files. I'm supposed to build a music store
> app. Where should you keep files (s3?). And what's more important how do
> you protect other people from using the same link? I guess you have to
> generate it dynamically. Is there any other solution or maybe any plugin
> available?

Something like X-Send-File (apache) or X-Accel-Redirect (nginx) allows
you to use apache/nginx to do the actual heavy work of transferring a
large file to the client, while still letting your rails app control
access. These both assume the file is on the same server as the one
running your instance of apache/nginx.

Fred
Phlip (Guest)
on 2009-03-27 20:20
(Received via mailing list)
Frederick C. wrote:
> Something like X-Send-File (apache) or X-Accel-Redirect (nginx) allows
> you to use apache/nginx to do the actual heavy work of transferring a
> large file to the client, while still letting your rails app control
> access. These both assume the file is on the same server as the one
> running your instance of apache/nginx

Use Paperclip, and put the files on a shared mount that all of your
servers can see. (If you cluster.)

Put the files in a folder named after a hash of today's date + a salt -
a password. Concatenate the date to the password and hash the whole
thing, then write a cron that renames the folder every day.

Paperclip has an option to set the filesystem path dynamically, like
routes.rb. Put the hash into this path, and serve the files freely.
Nobody can hot-link them because the hash will change daily.

--
   Phlip
Matt J. (Guest)
on 2009-03-28 19:23
(Received via mailing list)
You might be looking for this part of S3:

http://docs.amazonwebservices.com/AmazonS3/2006-03...

That will let you generate a URL that has an expiration date for a
particular file; you may also be able to use Amazon FPS to handle the
payment part of the system.

---

On a totally non-Rails related note, I'm still amazed at all the sites
that think an "mp3 store" will create lots of revenue. It may bring in
a little cash, but ultimately iTunes has a massive lock on the market.
See some figures here:

http://cdbaby.org/stories/09/01/15/8158752.html

For 2008, iTunes generated roughly 85% of sales. The remaining 15%
includes virtually every other major digital download site (Yahoo,
Napster, Rhapsody, etc). The only thing that amazes me more than the
thousands of tiny mp3 stores is the constant VC attention to the
"MySpace music store" thing. What sane user would *ever* type their
credit card info into part of Myspace??

--Matt J.
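
The expiring link Matt describes and the X-Accel-Redirect hand-off Frederick describes can be combined for files kept on your own server. The sketch below is an added example, not code from any poster in this thread; the `/download` route, the `/protected` nginx location, `SIGNING_KEY` and all helper names are assumptions made for illustration.

```ruby
require "openssl"
require "uri"

# Constructed demo values; a real key lives in the app's secret store.
SIGNING_KEY     = "constructed-demo-key"
INTERNAL_PREFIX = "/protected" # assumed nginx location marked `internal;`

# HMAC over track, buyer and expiry, so none of them can be edited in the URL.
def sign(track, user_id, expires)
  OpenSSL::HMAC.hexdigest("SHA256", SIGNING_KEY, "#{track}\n#{user_id}\n#{expires}")
end

# Build a link for one buyer that stops working after ttl seconds.
def download_url(track, user_id, ttl: 300, now: Time.now)
  expires = now.to_i + ttl
  query = URI.encode_www_form(track: track, user: user_id, expires: expires,
                              sig: sign(track, user_id, expires))
  "/download?#{query}"
end

# Constant-time comparison so the check does not reveal how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Rack-style handler: returns [status, headers, body].
def serve(params, session_user_id, now: Time.now)
  track, user, expires, sig =
    params.values_at("track", "user", "expires", "sig").map(&:to_s)
  valid = track.match?(/\A[\w-]+\.mp3\z/) && # plain file name, no "../"
          secure_equal?(sig, sign(track, user, expires))
  # A copied link fails here unless the requester is logged in as the buyer.
  return [403, {}, ["forbidden"]] unless valid && user == session_user_id.to_s
  return [410, {}, ["link expired"]] if now.to_i > expires.to_i
  # Empty body: nginx sees the header and streams the file itself.
  [200, { "X-Accel-Redirect" => "#{INTERNAL_PREFIX}/#{track}",
          "Content-Type" => "audio/mpeg" }, []]
end
```

Because the nginx location is `internal`, a request straight to `/protected/...` is refused, so the only way to the file is through the signature, session and expiry checks.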


On Mar 27, 11:45 am, Milan D. <removed_email_address@domain.invalid>