I’ve set up attachment_fu to save photos for my rails application to
amazon s3. All works great but now I’d like to add some privacy to
this.
So, if one of my users downloads a photo it is only viewable by that
user.
One idea is to use the uuid_primary_key function to pseudo-randomize the
pictures.
That is, the general public would have to guess the uuid_primary_key to
steal the photos.
But, this is not completely safe and private.
Does anyone have any other ideas? Or should I view uuid_primary_key as
safe enough?
On Sat, Jun 20, 2009 at 6:01 PM, John
Clancy[email protected] wrote:
That is, the general public would have to guess the uuid_primary_key to
steal the photos.
But, this is not completely safe and private.
Does anyone have any other ideas? Or should I view uuid_primary_key as
safe enough?
Amazon have a system where you can set a private url that expires
after a short time.
The expiry is encoded into the url so it can’t be changed.
Attachment_fu supports it with something like:
file.authenticated_s3_url(:thumb, :expires_in => 5.minutes.to_i)
Andrew T.
http://ramblingsonrails.com
http://MyMvelope.com - The SIMPLE way to manage your savings