Protecting images from the public

I know there was a thread about this a while back, and Al Evans posted
this reply to a question about protecting images from being directly
accessed by typing in the URL.


Al Evans wrote:

Here’s a method I’ve used for sending pictures from an arbitrary
location in the file system:

def get_pic
  send_file(User.photo_file_name_for(@params[:id]),
            {:disposition => 'inline', :type => 'image/jpeg'})
end

You could modify that to return an image only if a user was logged in,
for example.

Obviously, photo_file_name_for() returns a file system path to the
appropriate image.

Here’s an example of the declaration in a view:

<img class="photo" src="/users/get_pic/<%= @user.id %>" alt="<%= @user.name %>" />

But there’s no way to stop a user from doing “Save as…” or dragging a
copy of the image off onto their desktop or taking a screenshot or…

I’m just a bit confused about where this code goes. I’m basically
trying to use this with file_column and I’ve got it to upload the file
to RAILS_ROOT/storage/upload and now need to do the needful to integrate
the above get_pic function to send the image using the
declaration.

I’m confused - would appreciate some help… :-S

Thanks
Mohit.

Mohit S. wrote:

Exploring on, I managed to get it to work by doing this, but would like
to know if it’s the right way:
def get_pic
  @fctrial = Fctrial.find(params[:id])
  send_file(@fctrial.image, {:disposition => 'inline', :type => 'image/jpeg'})
end

This is instead of:
def get_pic
  send_file(User.photo_file_name_for(@params[:id]),
            {:disposition => 'inline', :type => 'image/jpeg'})
end

Is it better to do another find or should I add a function to the model
to get it to generate the image name?

Cheers
Mohit.
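
An added example, not code from either poster: the checks a get_pic action could run before handing a path to send_file, covering the "only if a user was logged in" case mentioned in the thread plus a check that the file really lives under the upload directory. servable_image_path, ImageAccessDenied and the temporary directory layout are hypothetical names and constructed sample data; the stored path is assumed to come from the database record, not from the URL.

```ruby
require "pathname"
require "tmpdir"
require "fileutils"

class ImageAccessDenied < StandardError; end

# Returns the real path that may be passed to send_file, or raises.
# current_user: nil when nobody is logged in (assumption: caller reads the session)
# stored_path:  path held on the record (e.g. what file_column saved)
# storage_root: the upload directory, e.g. RAILS_ROOT/storage/upload
def servable_image_path(current_user, stored_path, storage_root)
  raise ImageAccessDenied, "login required" if current_user.nil?
  raise ImageAccessDenied, "no image on record" if stored_path.to_s.empty?

  root = Pathname.new(storage_root).realpath
  begin
    # realpath resolves ".." and symlinks, so the comparison below is on
    # the file that would actually be read.
    real = Pathname.new(stored_path).expand_path(root).realpath
  rescue SystemCallError
    raise ImageAccessDenied, "file missing"
  end
  inside = real.to_s.start_with?(root.to_s + File::SEPARATOR)
  raise ImageAccessDenied, "outside storage root" unless inside && real.file?
  real.to_s
end

# Constructed sample data: one uploaded image and one file outside the root.
def demo
  Dir.mktmpdir do |tmp|
    root = File.join(tmp, "storage", "upload")
    FileUtils.mkdir_p(root)
    File.write(File.join(root, "1.jpg"), "constructed sample bytes")
    File.write(File.join(tmp, "secret.txt"), "outside the upload root")
    cases = { :logged_in => ["mohit", "1.jpg"],
              :anonymous => [nil, "1.jpg"],
              :traversal => ["mohit", "../../secret.txt"] }
    cases.map do |name, (user, path)|
      outcome = begin
        servable_image_path(user, path, root)
        "served"
      rescue ImageAccessDenied => e
        e.message
      end
      [name, outcome]
    end.to_h
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

In a controller, the action would rescue ImageAccessDenied and redirect or render an error instead of calling send_file.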