I''ve set up attachment_fu to save photos for my rails application to amazon s3. All works great but now I''d like to add some privacy to this. So, if one of my users downloads a photo it is only viewable by that user. One idea is to use the uuid_primary_key function to pseudo-randomize the pictures. That is, the general public would have to guess the uuid_primary_key to steal the photos. But, this is not completely safe and private. Does anyone have any other ideas? Or should I view uuid_primary_key as safe enough? -- Posted via http://www.ruby-forum.com/.
Andrew Timberlake
2009-Jun-20 16:16 UTC
Re: Privacy issues with attachment_fu and amazon s3
On Sat, Jun 20, 2009 at 6:01 PM, John Clancy<rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> > I''ve set up attachment_fu to save photos for my rails application to > amazon s3. All works great but now I''d like to add some privacy to > this. > > So, if one of my users downloads a photo it is only viewable by that > user. > > One idea is to use the uuid_primary_key function to pseudo-randomize the > pictures. > > That is, the general public would have to guess the uuid_primary_key to > steal the photos. > > But, this is not completely safe and private. > > Does anyone have any other ideas? Or should I view uuid_primary_key as > safe enough?Amazon have a system where you can set a private url that expires after a short time. The expiry is encoded into the url so it can''t be changed. Attachment_fu supports it with something like: file.authenticated_s3_url(:thumb, :expires_in => 5.minutes.to_i) Andrew Timberlake http://ramblingsonrails.com http://MyMvelope.com - The SIMPLE way to manage your savings