My app allows visitors to upload XML files which I parse, store in the
DB for review / modification, and then create a new XML file. I want to
put the files somewhere other than RAILS_ROOT/public so they’re not
publicly visible during the visit. Like maybe RAILS_ROOT/private. What
would be really cool is if I could somehow ensure that only the app
had access to them. I’d appreciate hearing from anybody who’s got any
experience with storing files like this. Any pointers? Any gotcha’s I
need to look out for?
My app allows visitors to upload XML files which I parse, store in the
DB for review / modification, and then create a new XML file. I want to
put the files somewhere other than RAILS_ROOT/public so they’re not
publicly visible during the visit. Like maybe RAILS_ROOT/private. What
would be really cool is if I could somehow ensure that only the app
had access to them. I’d appreciate hearing from anybody who’s got any
experience with storing files like this. Any pointers? Any gotcha’s I
need to look out for?
Two options.
you can stream the files with send_file through a controller (I have
a Docs controller that does this). This is easy enough for smallish
files… like XML. But I guess there are memory and performance problems
if you have to stream large media files.
You can use the same controller as above but instead of streaming
with Rails, use the X-LIGHTTPD-send-file (or X-Sendfile depending on
your web server) HTTP header to tell the web server to serve a file that
isn’t in the document root.
For the latter, you’d need to set the content-type and
content-disposition HTTP headers as appropriate.
-matthew
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.