I’m building an application for a company that has thousands of clients,
for each client there will a set of documents that are private to that
client. Rails makes it easy, of course, to show the list of documents on
per-client basis, using acts_as_authenticated and using current_user as
of the find any time a document list is displayed.
The part for which I’m looking for the best solution is access to the
documents themselves. My simple implementation has the Rails view
series of links to the files (which are word, excel, and powerpoint
documents). The problem is that Rails isn’t involved at all in the
document delivery, since these static files are served directly from
So anyone who gets, or guesses, the URL can access these files without
I’ve come up with three possible solutions and would appreciate hearing
others have done, and whether there are holes that I’m missing, or
approach I’ve missed.
Security by obscurity. Use long random strings for the directory and
names. This is probably secure enough in practice, but certainly isn’t
secure in theory and doesn’t feel quite right.
Deliver the static files via Rails. Put the documents in a directory
outside of public and use a Rails action to read the file and deliver it
the browser. This seems like it would be secure, and doesn’t require any
Apache configuration, but it would dramatically increase the server load
when these files are viewed. I’m not sure whether that would be a real
Referrer-based blocking in Apache. Set the Apache config to prohibit
access to the documents directories if the referrer is not the Rails
that renders the list of files from the database. This seems like
potentially the best solution but I’m wondering if there’s any security
here that I’m missing. One weakness is that some people seem to have
web browser set to not provide a referrer, and those people wouldn’t be
to access the documents.
I’d appreciate any suggestions.