I am building a photo website and I have some questions before I really
start programming the site.
My system will be Debian + lighttpd + mysql +fastcgi + ImageMagick
I plan to use file_column for image handling/verification and thumbnail
creation.
My question is;
I need to store images in a place outside of webroot so only registered
members can see them. To serve them secure way I was planning to use
send_data to show pictures but
In thumbnails section I will be showing 20 images per page and lets
assume their url will be
it means image action in browse controller will be called 20 times =
lots of sql query to run especially for each image action I have to
check if user is logged in user. It can be pretty heavy.
Anybody has better idea? Or anybody worked on such a project and what
kind of solution you followed?
You could use lighttpd mod_secdownload[1], this way all authentication
would only be done for the page itself and the page will decide
if it will generate you working links for images. Ofcourse that means
that the images have to be directly accessable from /public, but
noone without access to the pages that show the images would be
able to link to the images.
what if you created a mapping in routes.rb for viewing images thru a
controller, and then in the controller you put up top something along
the lines of
before_filter :login_required to force a login for viewing any of those
images ?
You could use lighttpd mod_secdownload[1], this way all authentication
would only be done for the page itself and the page will decide
if it will generate you working links for images. Ofcourse that means
that the images have to be directly accessable from /public, but
noone without access to the pages that show the images would be
able to link to the images.