Securing image / static content

I have some images under /public/images/ in a RoR application. I am
accesing
the images from view templates using standard html tags.
Since
the images are under a public directory they can be accessed by anyone
(not
coming through my application).

What is the best way to keep my images accesible only to authorized
users?
I cannot keep them in a non public dir because will not work then.

Thanks

Keep the images out of the public dir (say RAILS_ROOT/assets/images)
and then write an ImagesController that will serve up the images by
setting the appropriate content-type and using send_data/Ruby IO.

Thanks for the response.
Wouldnt using send_data be inefficient as the bytes will be read in the
server memory first?
How can Ruby IO be used?

Thanks

On 9/24/06, [email protected] [email protected] wrote:

Keep the images out of the public dir (say RAILS_ROOT/assets/images)
and then write an ImagesController that will serve up the images by
setting the appropriate content-type and using send_data/Ruby IO.


I don’t like $_, actually the only place I like $s is in my wallet.

Hi,

I’d add to what *ljredpath *suggested. Keep your images in an assets
folder,
but if you use Lighty, an X-Sendfile header will work wonders, as Lighty
itself will fetch the file for you. Read more about that here:
http://blog.lighttpd.net/articles/2006/07/02/x-sendfile (I’m waiting for
this too:
mod_proxy_core got X-Sendfile Support - lighty's life)

This is probably the most “efficient” solution.

Vish