Forum: Ruby on Rails Serving lots of images to only registred users

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Gokhan A. (Guest)
on 2006-01-10 15:32
Hello guys,

I am building a photo website and I have some questions before I really
start programming the site.

My system will be Debian + lighttpd + mysql +fastcgi + ImageMagick

I plan to use file_column for image handling/verification and thumbnail
creation.

My question is;

I need to store images in a place outside of webroot so only registered
members can see them. To serve them secure way I was planning to use
send_data to show pictures but

In thumbnails section I will be showing  20 images per page and lets
assume their url will be

domain.com/browse/image/111

it means image action in browse controller will be called 20 times =
lots of sql query to run especially for each image action I have to
check if user is logged in user. It can be pretty heavy.

Anybody has better idea? Or anybody worked on such a project and what
kind of solution you followed?

Thanks all

Regards
Gokhan
Tarmo =?ISO-8859-1?Q?T=E4nav?= (Guest)
on 2006-01-10 16:42
(Received via mailing list)
You could use lighttpd mod_secdownload[1], this way all authentication
would only be done for the page itself and the page will decide
if it will generate you working links for images. Ofcourse that means
that the images have to be directly accessable from /public, but
noone without access to the pages that show the images would be
able to link to the images.

[1] http://www.lighttpd.net/documentation/secdownload.html
Adam D. (Guest)
on 2006-01-10 16:45
(Received via mailing list)
what if you created a mapping in routes.rb for viewing images thru a
controller, and then in the controller you put up top something along
the lines of

before_filter :login_required to force a login for viewing any of those
images ?

just an idea, i havent actually tested it.

adam
Gokhan A. (Guest)
on 2006-01-10 23:03
Tarmo =?ISO-8859-1?Q?T=E4nav?= wrote:
> You could use lighttpd mod_secdownload[1], this way all authentication
> would only be done for the page itself and the page will decide
> if it will generate you working links for images. Ofcourse that means
> that the images have to be directly accessable from /public, but
> noone without access to the pages that show the images would be
> able to link to the images.
>
> [1] http://www.lighttpd.net/documentation/secdownload.html

Hello Tarmo,

few weeks ago I looked at mod_secdownload and now when I looked at
again, it might be a good option to go for.

PS: Anybody using it with heavy load?

Thank you very much

Gokhan
This topic is locked and can not be replied to.