Forum: Ruby on Rails /public content security

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Dorian L. (Guest)
on 2006-05-11 19:04
Hello all,

     I have a question regarding the security of my new web zine.  The
idea is that I have editors that can log into the site, and then upload
comics in the form of a jpg.  The way that I have this set up right now
is that the jpg is submitted through a form and then placed into the
authors sub directory in public/comics/.  The record of the jpg is
stored in a pendingcomics table in the database.  The administrator has
to come in and authorize the comic, which moves the record from the
pendingcomics table over to the public_comics table so that it can be
viewed by the rest of the world.
     Now the problem.  Is this secure enough?  What if one of my editors
forgets to log out and someone hi-jacks the account and posts a ton of
pron.  Now its true that these are not immediately available to the
public, however, if someone knows the name of the files that were
uploaded, can they be retreived directly from the public/comics/id/
directory?
     One possible solution I thought of was to rename the file uploaded
with random jibberish, and simply hide the image from the author untill
it is authorized.  Please give your thoughts on this.

Thanks for any help.
Mathias W. (Guest)
on 2006-05-11 20:23
(Received via mailing list)
On 5/11/06, Dorian L. <removed_email_address@domain.invalid> wrote:
> viewed by the rest of the world.
> Thanks for any help.
Just a thought, but couldn't you store them outside /public/ until
approved? If you are moving them anyway, do you have any perticular
reason to store them under /public/?

Cheers,
Mathias.
Dorian L. (Guest)
on 2006-05-11 21:03
Mathias W. wrote:
> On 5/11/06, Dorian L. <removed_email_address@domain.invalid> wrote:
>> viewed by the rest of the world.
>> Thanks for any help.
> Just a thought, but couldn't you store them outside /public/ until
> approved? If you are moving them anyway, do you have any perticular
> reason to store them under /public/?
>
> Cheers,
> Mathias.

I thought about that, but then the editor cannot view his pending images
through the web interface.  Do you know a way around this? Maybe another
folder with a different set of rights so that they can post into it but
somehow not download? But then they cant view the images still right?

Thanks,
Dorian
Calle D. (Guest)
on 2006-05-12 08:29
(Received via mailing list)
>>>>> "Dorian" == Dorian L. <removed_email_address@domain.invalid> writes:

> I thought about that, but then the editor cannot view his pending images
> through the web interface.  Do you know a way around this?

A plain ordinary controller that sets the right content-type and uses
send_file. Not the most efficient way to send static content (since it
passes through Rails), but I guess you're not going to have that many
editors looking at the same picture.
--
		     Calle D. <removed_email_address@domain.invalid>
		 http://www.livejournal.com/users/cdybedahl/
       "Facts are for people with weak opinions." -- Lars Willför, I]M
Ryan P. (Guest)
on 2006-05-12 11:09
(Received via mailing list)
>
> however, if someone knows the name of the files that were
> uploaded, can they be retreived directly from the public/comics/id/
> directory?


Yes. The solution of "random gibberish" is the same one that Flickr uses
for
all of its photos. However, if you know the direct URL to a photo that
is
deemed "private" you can still see it. Because, in the end, it is still
a
file on a server. Your obfascuation of the URL would simply be there to
prevent the person from remembering it. But, if they got a hold of it,
it
wouldn't matter what your authentication system did to try to stop them.

If you are really worred, stress the importance of the security on your
site. Make the users accountable for what happens to their accounts. If
you
are super worried, setup an aduit trail for all actions that you deem
worthy
of tracking. But, one thing that you have going for you is this
moderation
process. As long as a user can't moderate their own entries, you'll be
in
better shape in that regard since you can filter this bad stuff out.
However, it really comes down to people doing stupid stuff on your
sustem...
and that's what you're trying to prevent.

Best,
Ryan
This topic is locked and can not be replied to.