I’ve been experimenting with the acts_as_attachment plugin and I’ve
been pretty happy with it except for one thing.
By default AAA puts the attached files into ‘public/files’, which is
generally world readable. It is possible to bypass any security and
download files directly from that directory if you know the filename.
For my particular needs, I need to ensure that specific files are only
downloaded by authenticated users. Preferably only those with
sufficient permission to access a particular file.
Does anyone have any suggestions for ways to secure uploaded files?

Actually, the method I posted works pretty well, so I see no reason to
change that.
I did run into one problem though… when trying to get it to create
thumbnails I keep getting errors about a method called
‘find_or_initialize_by…’. If I’m not mistaken, that method only
appears in edge rails right now, and that causes the acts_as_attachment
thumbnailing to fail on any of the standard rails releases.
_Kevin
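
One way to close the gap described in the first post, shown as an added example that is not from the thread or from acts_as_attachment: keep uploads in a directory outside public/ and resolve every download through a permission check. The `Attachment`, `User`, `PrivateStore` and `DownloadDenied` names and the owner-or-admin rule are assumptions made for illustration.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical model and error names; none of this is acts_as_attachment's API.
Attachment = Struct.new(:id, :filename, :owner_id)
User = Struct.new(:id, :admin)
class DownloadDenied < StandardError; end

# Files are kept under a root outside public/, so the web server cannot serve them.
class PrivateStore
  def initialize(root)
    @root = File.realpath(root)
  end

  # Returns the absolute path to stream back, or raises DownloadDenied.
  def path_for(user, attachment)
    raise DownloadDenied, "login required" if user.nil?
    allowed = user.admin || user.id == attachment.owner_id
    raise DownloadDenied, "not permitted" unless allowed
    # Use only the final path component of the stored name.
    name = File.basename(attachment.filename.to_s)
    candidate = File.join(@root, attachment.id.to_s, name)
    raise DownloadDenied, "missing file" unless File.file?(candidate)
    real = File.realpath(candidate) # resolves symlinks before the containment check
    raise DownloadDenied, "outside store" unless real.start_with?(@root + File::SEPARATOR)
    real
  end
end

# Constructed sample data: one file owned by user 1, requested by several callers.
def demo
  Dir.mktmpdir do |dir|
    FileUtils.mkdir_p(File.join(dir, "7"))
    File.write(File.join(dir, "7", "report.pdf"), "constructed sample")
    store = PrivateStore.new(dir)
    file = Attachment.new(7, "report.pdf", 1)
    odd = Attachment.new(7, "../../etc/passwd", 1)
    attempt = lambda do |user, att|
      begin
        File.basename(store.path_for(user, att))
      rescue DownloadDenied => e
        e.message
      end
    end
    { owner: attempt.call(User.new(1, false), file), anonymous: attempt.call(nil, file),
      other: attempt.call(User.new(2, false), file), traversal: attempt.call(User.new(1, false), odd) }
  end
end
```

In a Rails controller, the path returned by `path_for` would be handed to `send_file` from an action that runs behind the login filter.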