Serving up a file download is really just sending the data of that file
in encoded format with the appropriate headers, right? So, conceivably,
you could store the files in an inaccessible folder, and when someone
wants a download, your application checks security, then opens and reads
a file from the inaccessible folder, then encodes and passes the data
back to the requesting user with the appropriate header information for
it to be received as a file download.
No one else can use that link because it is security-checked against the
Just a thought - I have no idea what kind of performance issues this
might introduce into your application.
Keep in mind also, this prevents someone from passing the link to a
friend, but there’s no way you can keep them from just downloading the
file and sending that to their friend. You haven’t really made the
process of sharing a downloaded file that much more difficult. So, the
question would be do you really want to devote all this effort to what
is, at best, a thin veil of protection?
Roland M. wrote:
Try loginGenerator and use another folder to upload the files?
I would also like to do what you are doing.
I believe you can just look at the session and, if it's valid, allow them
access to a folder.
The authentication portion is not a problem here, however, I prefer the
As you say, that’s the logic, but actually implementing it is what’s
bugging me. Routing to files is done differently than routing to
Here are the options I am considering but with little promise:
Place permissions on files and change permissions to read/write when
an authenticated user tries to access the file. Drawback: When do you
change back the permissions? Time to transfer is vulnerability time.
Storing the files in a database. Drawback: Space issues may affect
I am sure there has been some RoR project such as a music store or
ebook store that allowed you to download files from, but have not found
a method online yet.
Thanks for contributing,
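
The approach discussed in this thread (files kept in a folder the web server does not expose, with the application checking the session and streaming the bytes itself) is sketched here as an added example; it is not code from any poster. The ENTITLEMENTS table, the serve_download name and the session layout are assumptions made for illustration.

```ruby
require "tmpdir"

# Hypothetical entitlement table: user id => file names that user may download.
ENTITLEMENTS = { 42 => ["album.zip"] }.freeze

# Returns a Rack-style [status, headers, body] triple.
# session      - hash holding :user_id once the user has logged in
# name         - file name taken from the request (untrusted)
# private_root - directory outside the web server's document root
def serve_download(session, name, private_root)
  user_id = session[:user_id]
  return [401, {}, ["login required"]] unless user_id

  # Authorize against the entitlement table before touching the filesystem,
  # so the response does not reveal which files exist.
  allowed = ENTITLEMENTS.fetch(user_id, [])
  return [403, {}, ["forbidden"]] unless allowed.include?(name)

  # Resolve the path and confirm it is still inside private_root, so a name
  # such as "../../etc/passwd" can never escape even if the table is wrong.
  root = File.realpath(private_root)
  path = File.expand_path(name, root)
  return [403, {}, ["forbidden"]] unless path.start_with?(root + File::SEPARATOR)
  return [404, {}, ["not found"]] unless File.file?(path)

  headers = {
    "Content-Type"        => "application/octet-stream",
    "Content-Disposition" => %(attachment; filename="#{File.basename(path)}"),
    "Content-Length"      => File.size(path).to_s,
    "Cache-Control"       => "private, no-store"
  }
  [200, headers, [File.binread(path)]]
end

# Constructed demo: build a private directory and request a file as three callers.
def demo
  Dir.mktmpdir do |dir|
    File.binwrite(File.join(dir, "album.zip"), "PK-constructed-bytes")
    [{ user_id: 42 }, { user_id: 7 }, {}].map do |session|
      serve_download(session, "album.zip", dir).first
    end
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

No file permissions are changed during the transfer and nothing is stored in the database. In a Rails controller the last step would normally be handed to send_file rather than reading the file into memory.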