0

How can I give users the ability to upload their content to my RoR application but then subsequent access to such static content that would be:

  1. served by APACHE web server [to avoid the overhead of going via Rails], but

  2. still want to have an authentication/authorization check to occur before they can access the content

The constraint is I'm on DreamHost shared platform where I have only access to the Apache .htaccess file and I can't add my own Apache modules.

Nathan Smith
  • 683
  • 1
  • 10
  • 24
Greg
  • 34,042
  • 79
  • 253
  • 454

1 Answers1

1

You can do a redirect to static content, like

class ImagesController
  def show
    @image = Image.find(params[:id])
    if user_has_access_to @image
      redirect_to @image.bizarre_and_secret_image_location_that_is_served_by_apache
    else
      access_denied
    end
  end
end

It doesn't protect content completely, sure. Maybe making the static URLs temporary will help:

RewriteRule ^/images/RANDOMIZED_PREFIX_HERE/(.+)$ images/SECRET_IMAGE_LOCATION/$1 [L]

...now change the .htaccess file each hour. Of course the application should know the prefix, too.

Leonid Shevtsov
  • 14,024
  • 9
  • 51
  • 82
  • Thanks but I do need proper security on the item. So it's really more about how I could programatixally, when a user registers, to arrange that apache could serve atactic content, but based on their credentials in the app Also would like atactic HTML pages themselves to be in scope – Greg Sep 23 '09 at 18:49