Ruby On Rails - Securing Downloads Area

Question

If I upload files to my server and thus have clients/customers download these files. How may I restrict the access of the file?

Such as, if I upload a file to www.domain.com/files/download.zip

And if the user has correct permissions he can download the file, but what if the user knows the direct link to the file itself?

Cause I can imagine how to not show the link to the user on the site if they don't have permission to see the link, but how do I prevent someone from just typing in the direct URL of the location of the file to download the file?

Thanks in advance.

score 7 · Accepted Answer · answered Oct 08 '10 at 20:07

7

Don't put those uploads in /public if you want to secure them. Keep them in a folder outside of your web root, then have a controller that uses send_file to allow them to download the file if authorized.

answered Oct 08 '10 at 20:07

Matchu

80,913
16
150
159

2

but what if I want them to store in public so that front end can access them easily, how ? – Jenuel Ganawed Mar 19 '20 at 04:36

Ruby On Rails - Securing Downloads Area

1 Answers1

Linked