Attachement_fu and protecting files from download


#1

I successfully installed attachement_fu but I still
have one question:

How can I protect my uploaded files from being downloaded like

http://127.0.0.1:3000/images/galleries/0000/0001/1.jpg

I only what logged in users to download images?

Thanx.


Jochen K.
gissmoh.de, figgfrosch.de, ror-ror.de


#2

jochen kaechelin wrote:

This has been asked a few times in the past (though I don’t have links
handy) but basically:

  1. You’ll need to save files to a non-public directory (I’ve done this
    with file_column but I expect it’s possible also with attachment_fu)
  2. Add a controller action that will use send_file to send the file to
    the browser
  3. Add a before_filter to make sure that the user is logged in.

Cheers,
Mohit.
7/11/2007 | 12:13 AM.


#3

On Jul 10, 8:47 am, jochen kaechelin removed_email_address@domain.invalid wrote:


Jochen K.
gissmoh.de, figgfrosch.de, ror-ror.de

google for “protected download” or “secure download” or authenticated,
etc

http://www.bencurtis.com/archives/2006/11/serving-protected-downloads-with-rails/
http://robertrevans.com/article/files-outside-public-directory
http://www.rorsecurity.info/2007/03/27/working-with-files-in-rails/


#4

You might also be interested in this discussion:
http://groups.google.com/group/WellRailed/browse_thread/thread/b2b925ea74a605df/

Cheers,
Walter


#5

Correction. send_data and not send_file.

-Pratik

On 7/10/07, Mohit S. removed_email_address@domain.invalid wrote:

  1. Add a before_filter to make sure that the user is logged in.

Cheers,
Mohit.
7/11/2007 | 12:13 AM.


http://m.onkey.org


#6

Pratik wrote:

Correction. send_data and not send_file.

-Pratik

Thanks! Of course, that’s what I meant :stuck_out_tongue:

Cheers,
Mohit.
7/11/2007 | 12:28 PM.