Forum: Ruby on Rails Showing images secure way

Gokhan Arli (sylow)
on 2005-12-18 02:38
Hello all,

I am working on a big project for a kind of image storing and sharing
website. The whole idea is to be a member, store your images on the site,
and make some of them public.

For security reasons, I store images outside of public, and in the
Administration section:

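def show_image
    # Look up the requested image record
    image = Image.find(params[:id])
    # Refuse to serve it unless it belongs to the logged-in member
    raise "You are not owner of this image" if image.member != @member
    # Stream the file (stored outside public/) in the requested size
    send_file(image.photo(params[:size]))
end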


And in my view:
<img src="/admin/show_image/2121" />


What I am planning to do for public images is to copy them to the
public/images/ directory and serve them from there to speed up serving
them, and when they are tagged as private again, delete them.

My client is asking me how scalable my system is, and I understand his
worries, so I am curious whether anybody has such a system up and working
with lots of visitors. Would you like to share your experiences?

Also, currently we are serving our site with RedHat + lighttpd + scgi. We
are planning to move it to Debian + lighttpd + scgi (or fastcgi). Is it
the best combination?

I would really love to hear your experiences and also opinions if there is
a better algorithm I can apply.

Best Regards
Gokhan
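
An added example, not part of the original post: a plain-Ruby sketch of the scheme described above (authorization check before the file is sent, copy to public/images/ on publish, delete on un-publish). The `Image` struct, the `ImageStore` class, the size names and the `<id>_<size>.jpg` file layout are assumptions made for the illustration.

```ruby
require "fileutils"
require "tmpdir"

# Hypothetical names throughout; this is not the poster's model or controller.
SIZES = %w[thumb medium full].freeze          # allowlist for params[:size]
Image = Struct.new(:id, :member_id, :is_public)
class NotAuthorized < StandardError; end

class ImageStore
  def initialize(private_root, public_root)
    @private_root = private_root
    @public_root = public_root
  end

  # Path of the protected file. A size that is not on the allowlist is
  # rejected, so request input never becomes part of a filesystem path.
  def private_path(image, size)
    raise ArgumentError, "unknown size" unless SIZES.include?(size.to_s)
    File.join(@private_root, "#{Integer(image.id)}_#{size}.jpg")
  end

  def public_path(image, size)
    File.join(@public_root, "#{Integer(image.id)}_#{size}.jpg")
  end

  # What a show_image action would pass to send_file: the owner may always
  # read, any other member only while the image is flagged public.
  def readable_path(image, size, member_id)
    allowed = image.is_public || image.member_id == member_id
    raise NotAuthorized, "not the owner of this image" unless allowed
    private_path(image, size)
  end

  # Copy under a temporary name, then rename, so the web server never
  # serves a half-written file from the public tree.
  def publish(image)
    SIZES.each do |size|
      src = private_path(image, size)
      next unless File.file?(src)
      tmp = public_path(image, size) + ".tmp"
      FileUtils.cp(src, tmp)
      File.rename(tmp, public_path(image, size))
    end
    image.is_public = true
  end

  # Clear the flag first, then remove every size variant from public/.
  def unpublish(image)
    image.is_public = false
    SIZES.each { |size| FileUtils.rm_f(public_path(image, size)) }
  end
end
```

Deleting the public copy does not recall copies that browsers or proxies have already cached, and file names built from sequential ids are guessable while an image is public.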
Alain Ravet (Guest)
on 2005-12-18 10:12
(Received via mailing list)
Gokhan

I'm not sure it's acceptable for this project, but have you thought
about using Flickr as an external image storage for your Rails app?
For 25$/year per account, you can upload (store) 2Gb/month => max 25 GB
of new photos, each year.


Alain