i was hoping if someone knew of a way to restrict certain files in the
public folder to certain users, according to their session. the aim i’m
shooting for more or less, is this:
a client (who i can check via a session, password, etc) receives one of
the following links in his email, and can download the file to his
computer,
whereas a regular web-surfer, finding the link, will try to download it,
but will be blocked/ be asked to authorize himself. i’m guessing there
is someplace in the app i could define this (environment.rb?) but i am
clueless of where to start from. is this possible to do via rails? is
this a server issue (i’m on lighttpd)? am i shooting for something
unrealistic?
many thanks for a direction(/solution), or whatever you feel u can
contribute…
much appreciated,
I think the best way to do this is to have the files which are to be
downloaded outside of the public folder and then use an action in a
controller which authenticates the download and then uses send_file to
send the file to the user. This way, the files are hidden from the
public until the controller sends it to them.
> whereas a regular web-surfer, finding the link, will try to download
> it, but will be blocked/ be asked to authorize himself.
The way I’ve seen this achieved is to store the files in a directory
below the web root (public/) so they’re not directly accessible.
Then have a controller that receives and authenticates the request for a
file, opens the physical file and streams it to the browser sending the
correct headers. There are obviously performance issues to consider
with this method.
The other way is to use htaccess to protect the directory, but that will
depend on your set up.
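The check a download action should make before calling send_file, as an added example that is not from any poster in this thread: it confirms the session belongs to a client, that the client is entitled to the named file, and that the resolved path still lies inside the private directory. The names `resolve_download`, `DownloadDenied`, the `:client_id` session key and the `allowed` map are assumptions made for illustration, and the files are constructed sample data in a temporary directory.

```ruby
require "pathname"
require "tmpdir"
require "fileutils"

class DownloadDenied < StandardError; end

# Hypothetical helper: returns the absolute path that is safe to hand to
# send_file, or raises DownloadDenied. `allowed` maps a client id to the
# file names that client may fetch; `root` is a directory outside public/.
def resolve_download(session, requested, root, allowed)
  client = session[:client_id]
  raise DownloadDenied, "not logged in" if client.nil?
  name = requested.to_s
  # Authorization: the exact name must be on this client's list.
  raise DownloadDenied, "not your file" unless allowed.fetch(client, []).include?(name)
  base = Pathname.new(root).realpath
  path = base.join(name)
  raise DownloadDenied, "no such file" unless path.file?
  # Containment: with ".." and symlinks resolved, stay under root.
  real = path.realpath
  inside = real.to_s.start_with?(base.to_s + File::SEPARATOR)
  raise DownloadDenied, "outside download root" unless inside
  real.to_s
end

# Constructed sample: one private file, one file outside the root, and an
# allow-list that (by mistake) contains a traversal name.
def demo
  Dir.mktmpdir do |dir|
    root = File.join(dir, "private_files") # beside public/, not inside it
    FileUtils.mkdir_p(root)
    File.write(File.join(root, "invoice.pdf"), "constructed sample")
    File.write(File.join(dir, "secret.txt"), "outside root")
    allowed = { 7 => ["invoice.pdf", "../secret.txt"] }
    attempts = {
      client: [{ client_id: 7 }, "invoice.pdf"],
      anonymous: [{}, "invoice.pdf"],
      other_client: [{ client_id: 8 }, "invoice.pdf"],
      traversal: [{ client_id: 7 }, "../secret.txt"]
    }
    attempts.transform_values do |session, name|
      begin
        File.basename(resolve_download(session, name, root, allowed))
      rescue DownloadDenied => e
        e.message
      end
    end
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

In the controller action, pass the returned path to send_file and answer DownloadDenied with a login redirect or a 403.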
thank you all for your help; i didn’t think i would get this out of my
way so quickly…i’ve managed to implement the issue via send_file, and
i’ll check out the htaccess method in a sec, maybe it may be a better
solution (?)…
either way, thank you very much for your help,
harp