On Mar 13, 12:47 pm, Phoenix Rising <polarisris...@gmail.com> wrote: > However, what's to stop B from grabbing the URL to the photo of A and > then sending it to C over iChat or something? C gets the image pulled > up without even so much as a login. > > I might be going a bit overkill here, but with all the recent > discussion in the technology industry about individual privacy, I want > to make sure this problem gets solved RIGHT. The only way I know to > do this off the top of my head is to set the image source as a Ruby > script itself, and have that script (or method in a controller) do the > checks, then if they're good, retrieve the image and then send the raw > image data down. I've done that with PHP before, but truth be told, I > don't like it because it seems rather inefficient.
Doesn't have to be inefficient with something like X-SendFile. None of this would stop B just sending the file to C though. Fred > > Is there a good way to do this, or is it generally acceptable that, > while my app won't show C any photos of A, those photos aren't > *actually* protected from a raw GET request, if somebody knew where to > look? > > Thanks :-) -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com. To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.