Ruby on Rails - loading area protection

Question

Ruby on Rails - loading area protection

If I upload files to my server and thus clients / clients upload these files. How can I restrict access to the file?

For example, if I upload a file to www.domain.com/files/download.zip

And if the user has the correct permissions, he can upload the file, but what if the user knows a direct link to the file itself?

I can imagine how not to show the link to the user on the site if they don’t have permission to view the link, but how can I prevent someone from just entering the direct URL of the file’s location to download the file?

Thanks in advance.

+4

ruby-on-rails ruby-on-rails-3

Ror Oct 08 '10 at 20:03

source share

1 answer

Matchu · Accepted Answer · 2010-10-08T20:07:40+0000

Do not put these downloads in /public if you want to protect them. Store them in a folder outside your web root, then use a controller that uses send_file to allow them to download the file, if allowed.

Ruby on Rails - loading area protection

More articles: