I have some images under /public/images/ in a RoR application. I am accesing the images from view templates using standard html <img src=..> tags. Since the images are under a public directory they can be accessed by anyone (not coming through my application). What is the best way to keep my images accesible only to authorized users? I cannot keep them in a non public dir because <img> will not work then. Thanks --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
ljredpath-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
2006-Sep-24 17:21 UTC
Re: Securing image / static content
Keep the images out of the public dir (say RAILS_ROOT/assets/images) and then write an ImagesController that will serve up the images by setting the appropriate content-type and using send_data/Ruby IO. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
Thanks for the response. Wouldnt using send_data be inefficient as the bytes will be read in the server memory first? How can Ruby IO be used? Thanks On 9/24/06, ljredpath-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org <ljredpath-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > > Keep the images out of the public dir (say RAILS_ROOT/assets/images) > and then write an ImagesController that will serve up the images by > setting the appropriate content-type and using send_data/Ruby IO. > > > > >-- I don''t like $_, actually the only place I like $s is in my wallet. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
Hi, I''d add to what *ljredpath *suggested. Keep your images in an assets folder, but if you use Lighty, an X-Sendfile header will work wonders, as Lighty itself will fetch the file for you. Read more about that here: http://blog.lighttpd.net/articles/2006/07/02/x-sendfile (I''m waiting for this too: http://blog.lighttpd.net/articles/2006/07/22/mod_proxy_core-got-x-sendfile-support) This is probably the most "efficient" solution. Vish On 9/24/06, Nasir Khan <rubylearner-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > Thanks for the response. > Wouldnt using send_data be inefficient as the bytes will be read in the > server memory first? > How can Ruby IO be used? > > Thanks > > On 9/24/06, ljredpath-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org <ljredpath-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > > > > > Keep the images out of the public dir (say RAILS_ROOT/assets/images) > > and then write an ImagesController that will serve up the images by > > setting the appropriate content-type and using send_data/Ruby IO. > > > > > > > > > > > > > -- > I don''t like $_, actually the only place I like $s is in my wallet. > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---