Rails - Sep 2006 - Protecting images from the public..

I know there was a thread about this a while back, and Al Evans posted 
this reply to a question about protecting images from being directly 
accessed by typing in the URL.

---
Al Evans wrote:

Here''s a method I''ve used for sending pictures from an
arbitrary
location in the file system:

  def get_pic
     send_file(User.photo_file_name_for(@params[:id]), {:disposition => 
''inline'', :type => ''image/jpeg''})
  end

You could modify that to return an image only if a user was logged in, 
for example.

Obviously, photo_file_name_for() returns a file system path to the 
appropriate image.

Here''s an example of the <img> declaration in a view:

<img class="photo" src="/users/get_pic/<%= @user.id
%>" alt="<%=
@user.name %>"

But there''s no way to stop a user from doing "Save as..." or
dragging a
copy of the image off onto their desktop or taking a screenshot or....
---

I''m just a bit confused about where this code goes.  I''m
basically
trying to use this with file_column and I''ve got it to upload the file 
to RAILS_ROOT/storage/upload and now need to do the needful to integrate 
the above get_pic function to send the image using the <img> declaration.

I''m confused - would appreciate some help.. :-S

Thanks
Mohit.






--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk
-~----------~----~----~----~------~----~------~--~---

Mohit Sindhwani wrote:
> I know there was a thread about this a while back, and Al Evans posted 
> this reply to a question about protecting images from being directly 
> accessed by typing in the URL.
>
> ---
> Al Evans wrote:
>
> Here''s a method I''ve used for sending pictures from an
arbitrary
> location in the file system:
>
>   def get_pic
>      send_file(User.photo_file_name_for(@params[:id]), {:disposition => 
> ''inline'', :type => ''image/jpeg''})
>   end
>
> You could modify that to return an image only if a user was logged in, 
> for example.
>
> Obviously, photo_file_name_for() returns a file system path to the 
> appropriate image.
>
> Here''s an example of the <img> declaration in a view:
>
> <img class="photo" src="/users/get_pic/<%= @user.id
%>" alt="<%=
> @user.name %>"
>
> But there''s no way to stop a user from doing "Save
as..." or dragging a
> copy of the image off onto their desktop or taking a screenshot or....
> ---
>
> I''m just a bit confused about where this code goes.  I''m
basically
> trying to use this with file_column and I''ve got it to upload the
file
> to RAILS_ROOT/storage/upload and now need to do the needful to integrate 
> the above get_pic function to send the image using the <img>
declaration.
>
> I''m confused - would appreciate some help.. :-S
>
> Thanks
> Mohit.
>   
Exploring on, I managed to get it to work by doing this, but would like 
to know if it''s the right way:
  def get_pic
     @fctrial = Fctrial.find(params[:id])
     send_file(@fctrial.image, {:disposition => ''inline'',
:type =>
''image/jpeg''})
  end

This is instead of:
  def get_pic
     send_file(User.photo_file_name_for(@params[:id]), {:disposition => 
''inline'', :type => ''image/jpeg''})
  end

Is it better to do another find or should I add a function to the model 
to get it to generate the image name?

Cheers
Mohit.




--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk
-~----------~----~----~----~------~----~------~--~---