Showing images secure way


#1

Hello all,

I am working a big project for a kind of image storing and sharing
website. Whole idea is to be member and store your images on the site
and make some of them public.

For security reasons; I store images outsite of public and in
Administration section

def show_image
image = Image.find(params[:id])
raise “You are not owner of this image” if image.member != @member
send_file(image.photo(params[:size]))
end

And in my view

What I am planning to do for public images is to copy them to
public/images/ directory and serve them from there to speed up serving
them. And when they are tagged as private again delete them.

My client is asking me how scalable is my system and I understand his
worries; so I am curious about anybody has such a system up and working
with lots of visitors? And would you like to share your experiences?

Also currently we are serving our site with RedHat+ lighttpd + scgi. We
are planning to move it to Debian + lighttpd +scgi(or fastcgi). Is it
the best combination?

Really would love to hear your experiences and also opions if there is
better algorithm I can apply.

Best Regards
Gokhan


#2

Gokhan

I’m not sure it’s acceptable for this project, but have you thought
about using Flicker as an external image storage for your Rails app?
For 25$/year per account, you can upload (store) 2Gb/month => max 25 GB
of new photos, each year.

Alain