On Sun, Mar 13, 2011 at 5:47 AM, Phoenix Rising <polarisris...@gmail.com> wrote:
> Hey guys,
>
> So I'm building a Rails 3 app and one of the major things it needs to
> do is let users upload photos into their own photo albums. That part
> in and of itself isn't a problem; where I'm a bit short on knowledge
> is the proper way to *secure* that information.
>
> Say we have 3 users: a, b, c. A and B are friends, C doesn't know
> either one of them. A uploads photos into his/her album, which is
> marked to be viewed by "friends only", so B can see those photos, but
> not C.
>
> However, what's to stop B from grabbing the URL to the photo of A and
> then sending it to C over iChat or something? C gets the image pulled
> up without even so much as a login.
>

Write a Rails controller that handles sending images and has auth on it, or
a metal controller that sends the images and checks an expiration stamp
associated with the URL.

You may have better things to learn or do, before you solve this properly -
as Fred said - the file can get saved, sent or anything once it is out of
your system.

--
make haste slowly \
festina lente \
-
mobile +1_415_632_6001
curtis.schofi...@gmail.com <cur...@robotarmyma.de>
http://robotarmyma.de
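The "expiration stamp associated with the URL" option from the reply above, sketched as an added example that is not part of the original thread: the link carries an expiry time and an HMAC over the photo id and expiry, and the server rejects any request whose signature does not match or whose expiry has passed. The `/photos/show` route, the parameter names and the signing key are assumptions made for illustration.

```ruby
require "openssl"
require "uri"

# Constructed demo key; a real app would load this from its secret store.
SIGNING_KEY = "constructed-demo-key"

# HMAC-SHA256 over the photo id and expiry so neither can be changed alone.
def photo_signature(photo_id, expires)
  OpenSSL::HMAC.hexdigest("SHA256", SIGNING_KEY, "#{photo_id}:#{expires}")
end

# Build a link valid for ttl seconds (hypothetical /photos/show route).
def signed_photo_url(photo_id, ttl: 300, now: Time.now.to_i)
  expires = now + ttl
  query = URI.encode_www_form(id: photo_id, expires: expires,
                              sig: photo_signature(photo_id, expires))
  "/photos/show?#{query}"
end

# Compare without returning early at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns :ok, :expired, :bad_signature or :bad_request for the query params.
def verify_photo_request(params, now: Time.now.to_i)
  id, expires, sig = params.values_at("id", "expires", "sig").map(&:to_s)
  return :bad_request unless id.match?(/\A\d+\z/) && expires.match?(/\A\d+\z/)
  # Check the signature first: an edited expiry must never be trusted.
  return :bad_signature unless secure_compare(photo_signature(id, expires), sig)
  return :expired if now > expires.to_i
  :ok
end
```

A controller would stream the file only when `verify_photo_request` returns `:ok`; a forwarded link keeps working until its expiry, so the lifetime should be short.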