On Apr 7, 4:43 pm, apm <alberto.perd...@gmail.com> wrote:
> Hi,
>
> So, what can you do to protect people from accessing files they should
> not? I have compiled a list of possible strategies we have thought
> about or read about on the internet:
>
> 2. Store attachments outside of public and serve them using a
> controller and send_file. I think this works for download links but
> what about embedding images?
>
That, but use X-Sendfile or X-Accel-Redirect: this makes Apache/nginx
send the file, rather than funnelling it through Ruby. All your Rails
controller does (assuming the person is authorized) is set a header
in the response saying 'send them this file'.
Fred
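
The approach described in the reply above, as an added example that is not part of the original thread: a Rack-style handler that authorizes the request and then only sets X-Accel-Redirect (nginx) or X-Sendfile (Apache). The attachment table, the `app.current_user` env key, the `/protected_files/` internal location and the storage path are assumptions made for illustration.

```ruby
# Added example: Rack-style endpoint, no gems required.
# ATTACHMENTS, INTERNAL_PREFIX and the env keys are assumed names.

# Constructed sample data: attachment id => owner and stored file name.
ATTACHMENTS = {
  "1" => { owner: "alice", file: "invoice-2041.pdf", type: "application/pdf" },
  "2" => { owner: "bob",   file: "avatar.png",       type: "image/png" }
}.freeze

# nginx location marked `internal`, mapped to a directory outside public/ (assumed).
INTERNAL_PREFIX = "/protected_files/"

# mode is :nginx (X-Accel-Redirect) or :apache (X-Sendfile via mod_xsendfile).
def build_handler(mode: :nginx, storage_root: "/var/app/attachments")
  lambda do |env|
    user   = env["app.current_user"] # set by the auth layer (assumed key)
    id     = env["PATH_INFO"].to_s[%r{\A/attachments/(\d+)\z}, 1]
    record = ATTACHMENTS[id]

    # Same 404 for "missing" and "not yours" so ids cannot be enumerated.
    unless record && user && record[:owner] == user
      return [404, { "Content-Type" => "text/plain" }, ["Not found"]]
    end

    headers = { "Content-Type" => record[:type] }
    # The file name comes from our own record, never from the request,
    # so the client cannot steer the web server to an arbitrary path.
    if mode == :nginx
      headers["X-Accel-Redirect"] = INTERNAL_PREFIX + record[:file]
    else
      headers["X-Sendfile"] = File.join(storage_root, record[:file])
    end
    [200, headers, []] # empty body: the web server streams the file
  end
end
```
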