First, Rick Olson - excellent plugin!
Second, Mike Clark - excellent tutorial on file_system backend!
Third, Ron Evans, excellent tutorial on database backend (http://deadprogrammersociety.blogspot.com/2007/04/getting-your-attachmentfu-back-out-of.html)!

I am having serious trouble getting database storage working. I haven't found much information regarding using attachment_fu with a database backend, but I've almost got it working and have a strange bug. It appears to be storing the entire file in the database, but when I pull it out and display it the image stops rendering after around 40K (haven't measured exactly where it cuts off, but files smaller than about 40k render and download completely). It is the same when I download the file, the downloaded file has the right dimensions, but the image only fills up part of the size of the original. The part filled in is sequential from the beginning. I am very confused.

The other alternative for me is to store the files on the file system, but they must be protected from direct download. These are confidential documents that I am uploading (driver's licenses, birth certificates, social security cards, etc). Is there a way to protect the files from direct download and also allow them to be viewed and downloaded by logged in users (admins)?

Thanks,
Peter

--
Peter H. Boling
Software Developer - Sagebit, LLC
blog: http://galtzo.blogspot.com/
languages: English, Spanish, Portuguese

Larry Kluger
2007-Jul-01 15:22 UTC
Re: Attachment_fu: Having problems with database_backend
My suggestion wrt safely storing as files:

1) store the files in a part of the file system not in the web server's document root.
2) To send a file to a browser client, use a controller action to read and return the contents of the file. That way the controller action can check access, log the request, etc.

HTH,

Larry

On 7/1/07, Larry Kluger wrote:
> My suggestion wrt safely storing as files:
>
> 1) store the files in a part of the file system not in the web server's
> document root.
> 2) To send a file to a browser client, use a controller action to read
> and return the contents of the file. That way the controller action can
> check access, log the request, etc.
>
> HTH,

Are you sure your database isn't truncating the files? Using the filesystem is usually better though. It's definitely faster and easier on memory (mongrel streams to a tmp file that you can just move, rather than opening it into memory).

For serving it, check out the x-accel-redirect header for nginx: http://wiki.codemongers.com/NginxXSendfile

--
Rick Olson
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com

Xavier Noria
2007-Jul-01 19:03 UTC
Re: Attachment_fu: Having problems with database_backend
On Jul 1, 2007, at 5:22 PM, Larry Kluger wrote:
> My suggestion wrt safely storing as files:
>
> 1) store the files in a part of the file system not in the web
> server's document root.
> 2) To send a file to a browser client, use a controller action to read
> and return the contents of the file. That way the controller action
> can check access, log the request, etc.

In addition, you can avoid the penalty in your precious Rails processes delegating to the front-end server via the X-Sendfile header, there's a plugin that encapsulates that:

    http://agilewebdevelopment.com/plugins/xsendfile

Using that trick the flow becomes (think a regular Apache + Mongrel Cluster setup for example):

1. Files are requested with URLs that point to some controller instead of the public document root, thus the controller has complete control about their access according to the logic of the application
2. The action resolves the filename to fetch somehow, be careful with filenames, sanitize parameters, etc.
3. It calls some of the plugin's send_file()-like methods, which just add a header with the actual filename on disk for the front-end server to handle
4. The front-end server intercepts the response after seeing the special header, and serves the file in its value as if it was a regular public static file, it takes care of the MIME type etc.

In development mode you don't need to use that necessarily, I use xsendfile's drop in replacement for send_file() only in production mode, it's as easy as throwing this line into environment.rb:

    XSendFile::Plugin.replace_send_file! if RAILS_ENV == 'production'

So that in development mode those files as always (for example by webrick), and in production the X-Sendfile stuff is activated without touching a single line of code.

-- fxn

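The four-step flow described in the message above, sketched as an added example that is not part of the original thread or of the xsendfile plugin's code. It is plain Ruby rather than a Rails controller; the User struct, the admin check, the function names and the sample files are all constructed for illustration.

```ruby
require 'tmpdir'
require 'fileutils'

# Hypothetical user record; "admin" stands in for the application's own access rule.
User = Struct.new(:login, :admin)

# Step 2: map a client-supplied name to a real file strictly inside storage_root.
# Returns the absolute path, or nil when the name escapes the root or is not a file.
def resolve_attachment(storage_root, requested_name)
  name = requested_name.to_s
  return nil if name.empty? || name.include?("\0")
  root = File.realpath(storage_root)
  candidate = File.expand_path(name, root)        # collapses "../" segments
  return nil unless File.file?(candidate)
  real = File.realpath(candidate)                 # follows symlinks
  real.start_with?(root + File::SEPARATOR) ? real : nil
end

# Steps 1 and 3: check access first, then hand only a vetted path to the front end.
def download_response(storage_root, requested_name, user)
  return { status: 403, headers: {} } unless user && user.admin
  path = resolve_attachment(storage_root, requested_name)
  return { status: 404, headers: {} } unless path
  safe_name = File.basename(path).gsub(/[^\w.\-]/, '_')
  { status: 200,
    headers: { 'X-Sendfile' => path,
               'Content-Disposition' => %(attachment; filename="#{safe_name}") } }
end

# Constructed sample data: a private upload directory plus a file outside it.
def demo_statuses
  Dir.mktmpdir do |tmp|
    root = File.join(tmp, 'private_uploads')      # not under public/
    FileUtils.mkdir_p(root)
    File.write(File.join(root, 'license_42.jpg'), 'constructed sample bytes')
    File.write(File.join(tmp, 'database.yml'), 'constructed secret')
    admin = User.new('admin', true)
    guest = User.new('guest', false)
    [['license_42.jpg', admin], ['license_42.jpg', guest], ['license_42.jpg', nil],
     ['../database.yml', admin], ['/etc/passwd', admin], ['missing.jpg', admin]]
      .map { |name, user| download_response(root, name, user)[:status] }
  end
end

p demo_statuses if __FILE__ == $PROGRAM_NAME
```

Only the admin request for a file inside the private directory gets a 200 with an X-Sendfile header; non-admin and anonymous requests get 403, and traversal, absolute-path and missing-file requests all get the same 404.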