Upload file above /public, authenticate before serving?


#1

I have file uploads to the database and stored in a longblob working on
our client extranet, except that it kills mysql/activeRecord on files
bigger than about 200kb. (Is there a reason for this - running mysql
5.0.18, lighttpd or webrick on winxp??)

So I’m now thinking about whether it’s possible to do either:

  1. upload a file into #rails_root/some_folder/ instead of
    /public/some_folder, store a reference to the file in the db instead and
    somehow serve it up to authenticated users

  2. upload the file into /public/folder but find a way of only serving
    up the files to authenticated users (I’m currently using login_system.rb
    to authenticate users)

Anyone have any ideas? I’m stumped…


#2

If you are using lighttpd, there is a secure download mod, so you can
store the files outside public and authenticated users can get a specially
formatted URL with limited lifetime, and the files get served by the
webserver. If you set the time low, you don’t have to worry about
hot-linking.
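
The time-limited URL described in the reply above, sketched in Ruby as an added example that is not part of the original thread. It assumes lighttpd's mod_secdownload with its classic MD5 token scheme (token = MD5 of secret + relative path + hex timestamp). The secret, prefix, timeout and file path are constructed values, and `secdownload_check` is only a model of the server-side check, not lighttpd's code.

```ruby
require 'digest/md5'

# Constructed values (assumptions): they must match secdownload.secret,
# secdownload.uri-prefix and secdownload.timeout in the lighttpd config.
SECRET     = 'constructed-example-secret'
URI_PREFIX = '/dl/'
TIMEOUT    = 60 # seconds the link stays valid

# Build the URL to hand to a user who has already passed the login check.
# rel_path is relative to secdownload.document-root (outside /public) and
# should come from the database record, never straight from the request.
def secdownload_url(rel_path, now = Time.now)
  raise ArgumentError, 'rel_path must start with /' unless rel_path.start_with?('/')
  raise ArgumentError, 'path traversal' if rel_path.split('/').include?('..')

  hex_time = format('%08x', now.to_i)
  token = Digest::MD5.hexdigest(SECRET + rel_path + hex_time)
  "#{URI_PREFIX}#{token}/#{hex_time}#{rel_path}"
end

# Model of what the web server verifies on each request (illustration only):
# the timestamp must be within TIMEOUT and the token must match the path.
def secdownload_check(url, now = Time.now)
  m = %r{\A#{Regexp.escape(URI_PREFIX)}(\h{32})/(\h{8})(/.*)\z}.match(url)
  return :malformed unless m

  token, hex_time, rel_path = m.captures
  return :expired if (now.to_i - hex_time.to_i(16)).abs > TIMEOUT

  expected = Digest::MD5.hexdigest(SECRET + rel_path + hex_time)
  expected == token ? :ok : :bad_token
end
```

Because the token covers the path and the timestamp, a copied link stops working after the timeout and cannot be edited to point at another file.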