That would only provide true protection if the images were stored in the
database - something Donald is trying to avoid.
This is a problem that has trouble many a web developer over the years.
A common method is to run all of your images via script that redirects
to the image:
class ImageController < ApplicationController
(Note: i have no idea whether the above would work - it should
demonstrate the idea though)
In that case you apply the before_filter as usual. However, this still
would protect the images fully as you could still manually type the
address in. That would require guesswork of course and if you kept the
image names/dirs as numbers mapping to filenames in the db (1234 =>
‘imagename.jpg’) it should be reasonably secure.
If you need things to be more secure than that, you could store the
images in a non-web accessible dir and open the images server side to
push to the browser - that’d probably incur a fairly big processing hit
I don’t know whether you could use htaccess to deny or allow directories
based cookies or something - in which case you could set a value that
apache picks up when the file is requested.
Anyway - a lot of that is rambling but hopefully some of it is useful