Rails - Jul 2007 - attachement_fu and protecting files from download

I successfully installed attachement_fu but I still
have one question:

How can I protect my uploaded files from being downloaded like

	http://127.0.0.1:3000/images/galleries/0000/0001/1.jpg

I only what logged in users to download images?

Thanx.


-- 
Jochen Kaechelin
gissmoh.de, figgfrosch.de, ror-ror.de

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

jochen kaechelin wrote:
> I successfully installed attachement_fu but I still
> have one question:
>
> How can I protect my uploaded files from being downloaded like
>
> 	http://127.0.0.1:3000/images/galleries/0000/0001/1.jpg
>
> I only what logged in users to download images?
>
> Thanx.
>
>
>   
This has been asked a few times in the past (though I don''t have links 
handy) but basically:
1. You''ll need to save files to a non-public directory (I''ve
done this
with file_column but I expect it''s possible also with attachment_fu)
2. Add a controller action that will use send_file to send the file to 
the browser
3. Add a before_filter to make sure that the user is logged in.

Cheers,
Mohit.
7/11/2007 | 12:13 AM.



--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On Jul 10, 8:47 am, jochen kaechelin
<giss...-Vg5pTm5GbeLoK6nBLMlh1Q@public.gmane.org>
wrote:
> I successfully installed attachement_fu but I still
> have one question:
>
> How can I protect my uploaded files from being downloaded like
>
>        http://127.0.0.1:3000/images/galleries/0000/0001/1.jpg
>
> I only what logged in users to download images?
>
> Thanx.
>
> --
> Jochen Kaechelin
> gissmoh.de, figgfrosch.de, ror-ror.de
google for "protected download" or "secure download" or
authenticated,
etc

http://www.bencurtis.com/archives/2006/11/serving-protected-downloads-with-rails/
http://robertrevans.com/article/files-outside-public-directory
http://www.rorsecurity.info/2007/03/27/working-with-files-in-rails/


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

You might also be interested in this discussion:
http://groups.google.com/group/WellRailed/browse_thread/thread/b2b925ea74a605df/

Cheers,
Walter
>
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Correction. send_data and not send_file.

-Pratik

On 7/10/07, Mohit Sindhwani
<mo_mail-RxrYI66vbj0AvxtiuMwx3w@public.gmane.org>
wrote:
>
> jochen kaechelin wrote:
> > I successfully installed attachement_fu but I still
> > have one question:
> >
> > How can I protect my uploaded files from being downloaded like
> >
> >       http://127.0.0.1:3000/images/galleries/0000/0001/1.jpg
> >
> > I only what logged in users to download images?
> >
> > Thanx.
> >
> >
> >
> This has been asked a few times in the past (though I don''t have
links
> handy) but basically:
> 1. You''ll need to save files to a non-public directory
(I''ve done this
> with file_column but I expect it''s possible also with
attachment_fu)
> 2. Add a controller action that will use send_file to send the file to
> the browser
> 3. Add a before_filter to make sure that the user is logged in.
>
> Cheers,
> Mohit.
> 7/11/2007 | 12:13 AM.
>
>
>
> >
>

-- 
http://m.onkey.org

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Pratik wrote:
> Correction. send_data and not send_file.
>
> -Pratik
>   
Thanks!  Of course, that''s what I meant :-P


Cheers,
Mohit.
7/11/2007 | 12:28 PM.



--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---