I am desperately seeking a solution, or at least a hint, for
preventing non-authorized users of my social network app from accessing
images uploaded by registered users without authentication.
I already found the HTTP-REFERRER approach - but as commonly known,
this won't work in situations where the referrer information is
So it’s not only a bandwidth-stealing thing, but also a privacy issue,
since the users upload images and expect that no one except their
own network of friends can see them.
I can imagine using mod_rewrite to call a Ruby controller for each
website resource and then check if the request has at least a
session from my app. But won't that kill the performance of the server,
when each access is being processed by a Ruby script instead of getting
it as a file?
Any help is appreciated!
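
The per-request check described in the post, as an added example that is not part of the original post: the Ruby side only decides who may see the image, then returns an `X-Sendfile` header so the web server streams the file itself. It assumes Apache with mod_xsendfile (or an equivalent) honours that header; `IMAGE_ROOT`, `FRIENDS` and `authorize_image` are hypothetical names and the data is constructed.

```ruby
# Added example: session + friendship check for uploaded images.
# All names and paths here are hypothetical, not from the original post.
IMAGE_ROOT = "/srv/app/private_uploads" # assumed to lie outside the document root

# Constructed sample data: owner id => ids allowed to view that owner's images.
FRIENDS = { 1 => [2, 3], 2 => [1] }.freeze

NOT_FOUND = [404, {}, ["not found"]].freeze

# Returns a Rack-style [status, headers, body] triple.
# session:  hash from the app's session store (nil when the request has none)
# req_path: the part of the URL after /images/, expected "<owner_id>/<filename>"
def authorize_image(session, req_path)
  user_id = session && session[:user_id]
  return [401, {}, ["login required"]] unless user_id

  # Exactly one "/" and no leading "." in the file name, so "../" segments,
  # absolute paths and hidden files can never reach the file system.
  m = %r{\A(\d+)/([\w\-][\w.\-]*)\z}.match(req_path.to_s)
  return NOT_FOUND unless m

  owner_id = m[1].to_i
  allowed = user_id == owner_id || FRIENDS.fetch(owner_id, []).include?(user_id)
  # Answer 404 rather than 403 so the response does not confirm the image exists.
  return NOT_FOUND unless allowed

  # Empty body: the web server sends the file named in X-Sendfile.
  # "private, no-store" keeps shared caches from serving it to other users.
  headers = {
    "X-Sendfile"    => File.join(IMAGE_ROOT, m[1], m[2]),
    "Cache-Control" => "private, no-store"
  }
  [200, headers, []]
end
```

The upload directory must not be reachable by a direct URL, otherwise the check can be bypassed by requesting the file path itself.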