Hello guys, I am building a photo website and I have some questions before I really start programming the site. My system will be Debian + lighttpd + mysql +fastcgi + ImageMagick I plan to use file_column for image handling/verification and thumbnail creation. My question is; I need to store images in a place outside of webroot so only registered members can see them. To serve them secure way I was planning to use send_data to show pictures but In thumbnails section I will be showing 20 images per page and lets assume their url will be domain.com/browse/image/111 it means image action in browse controller will be called 20 times = lots of sql query to run especially for each image action I have to check if user is logged in user. It can be pretty heavy. Anybody has better idea? Or anybody worked on such a project and what kind of solution you followed? Thanks all Regards Gokhan -- Posted via http://www.ruby-forum.com/.
You could use lighttpd mod_secdownload[1], this way all authentication would only be done for the page itself and the page will decide if it will generate you working links for images. Ofcourse that means that the images have to be directly accessable from /public, but noone without access to the pages that show the images would be able to link to the images. [1] http://www.lighttpd.net/documentation/secdownload.html On T, 2006-01-10 at 14:32 +0100, Gokhan Arli wrote:> Hello guys, > > I am building a photo website and I have some questions before I really > start programming the site. > > My system will be Debian + lighttpd + mysql +fastcgi + ImageMagick > > I plan to use file_column for image handling/verification and thumbnail > creation. > > My question is; > > I need to store images in a place outside of webroot so only registered > members can see them. To serve them secure way I was planning to use > send_data to show pictures but > > In thumbnails section I will be showing 20 images per page and lets > assume their url will be > > domain.com/browse/image/111 > > it means image action in browse controller will be called 20 times = > lots of sql query to run especially for each image action I have to > check if user is logged in user. It can be pretty heavy. > > Anybody has better idea? Or anybody worked on such a project and what > kind of solution you followed? > > Thanks all > > Regards > Gokhan > > >
Adam Denenberg
2006-Jan-10 14:45 UTC
[Rails] Serving lots of images to only registred users
what if you created a mapping in routes.rb for viewing images thru a controller, and then in the controller you put up top something along the lines of before_filter :login_required to force a login for viewing any of those images ? just an idea, i havent actually tested it. adam On 1/10/06, Tarmo T?nav <tarmo@itech.ee> wrote:> You could use lighttpd mod_secdownload[1], this way all authentication > would only be done for the page itself and the page will decide > if it will generate you working links for images. Ofcourse that means > that the images have to be directly accessable from /public, but > noone without access to the pages that show the images would be > able to link to the images. > > [1] http://www.lighttpd.net/documentation/secdownload.html > > On T, 2006-01-10 at 14:32 +0100, Gokhan Arli wrote: > > Hello guys, > > > > I am building a photo website and I have some questions before I really > > start programming the site. > > > > My system will be Debian + lighttpd + mysql +fastcgi + ImageMagick > > > > I plan to use file_column for image handling/verification and thumbnail > > creation. > > > > My question is; > > > > I need to store images in a place outside of webroot so only registered > > members can see them. To serve them secure way I was planning to use > > send_data to show pictures but > > > > In thumbnails section I will be showing 20 images per page and lets > > assume their url will be > > > > domain.com/browse/image/111 > > > > it means image action in browse controller will be called 20 times > > lots of sql query to run especially for each image action I have to > > check if user is logged in user. It can be pretty heavy. > > > > Anybody has better idea? Or anybody worked on such a project and what > > kind of solution you followed? > > > > Thanks all > > > > Regards > > Gokhan > > > > > > > > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails >
Gokhan Arli
2006-Jan-10 21:03 UTC
[Rails] Re: Serving lots of images to only registred users
Tarmo =?ISO-8859-1?Q?T=E4nav?= wrote:> You could use lighttpd mod_secdownload[1], this way all authentication > would only be done for the page itself and the page will decide > if it will generate you working links for images. Ofcourse that means > that the images have to be directly accessable from /public, but > noone without access to the pages that show the images would be > able to link to the images. > > [1] http://www.lighttpd.net/documentation/secdownload.htmlHello Tarmo, few weeks ago I looked at mod_secdownload and now when I looked at again, it might be a good option to go for. PS: Anybody using it with heavy load? Thank you very much Gokhan -- Posted via http://www.ruby-forum.com/.