Forum: Ruby on Rails attachement_fu and protecting files from download

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
9fa0e9901902a1eb76217f33bd15c4a2?d=identicon&s=25 jochen kaechelin (Guest)
on 2007-07-10 17:48
(Received via mailing list)
I successfully installed attachement_fu but I still
have one question:

How can I protect my uploaded files from being downloaded like

  http://127.0.0.1:3000/images/galleries/0000/0001/1.jpg

I only what logged in users to download images?

Thanx.


--
Jochen Kaechelin
gissmoh.de, figgfrosch.de, ror-ror.de
34a7615f38496a5dafbb3e6b721c435e?d=identicon&s=25 Mohit Sindhwani (Guest)
on 2007-07-10 18:15
(Received via mailing list)
jochen kaechelin wrote:
>
>
>
This has been asked a few times in the past (though I don't have links
handy) but basically:
1. You'll need to save files to a non-public directory (I've done this
with file_column but I expect it's possible also with attachment_fu)
2. Add a controller action that will use send_file to send the file to
the browser
3. Add a before_filter to make sure that the user is logged in.

Cheers,
Mohit.
7/11/2007 | 12:13 AM.
9dfe8c734b0f9b37a4e218425c0a2138?d=identicon&s=25 gene.tani@gmail.com (Guest)
on 2007-07-11 02:57
(Received via mailing list)
On Jul 10, 8:47 am, jochen kaechelin <giss...@figgfrosch.de> wrote:
>
> --
> Jochen Kaechelin
> gissmoh.de, figgfrosch.de, ror-ror.de

google for "protected download" or "secure download" or authenticated,
etc

http://www.bencurtis.com/archives/2006/11/serving-...
http://robertrevans.com/article/files-outside-publ...
http://www.rorsecurity.info/2007/03/27/working-wit...
A39970d780c506b26e9a8b71eda13df2?d=identicon&s=25 Walter McGinnis (Guest)
on 2007-07-11 03:03
(Received via mailing list)
You might also be interested in this discussion:
http://groups.google.com/group/WellRailed/browse_t...

Cheers,
Walter
A05834e9b5954947eb0ba3b570c47d5e?d=identicon&s=25 Pratik Naik (pratik)
on 2007-07-11 03:05
(Received via mailing list)
Correction. send_data and not send_file.

-Pratik

On 7/10/07, Mohit Sindhwani <mo_mail@onghu.com> wrote:
> >
> 3. Add a before_filter to make sure that the user is logged in.
>
> Cheers,
> Mohit.
> 7/11/2007 | 12:13 AM.
>
>
>
> >
>


--
http://m.onkey.org
34a7615f38496a5dafbb3e6b721c435e?d=identicon&s=25 Mohit Sindhwani (Guest)
on 2007-07-11 06:29
(Received via mailing list)
Pratik wrote:
> Correction. send_data and not send_file.
>
> -Pratik
>

Thanks!  Of course, that's what I meant :-P


Cheers,
Mohit.
7/11/2007 | 12:28 PM.
This topic is locked and can not be replied to.