What are the Rails/Apache gurus that may determine if it is possible (and just how) to achieve the ability for customers to upload their content to my RoR application however subsequent use of such static content could be:

a) offered by APACHE web server [to prevent the overhead of going via Rails], but b) still wish to have an authentication/authorisation check to happen before they are able to access this content

The constraint is I am on http://dreamhost.com/ shared platform where I've only use of the Apache .htaccess file and that i can't add my very own Apache modules.

http://wiki.dreamhost.com/Apache http://wiki.dreamhost.com/Htaccess http://wiki.dreamhost.com/KB%5F/%5FUnix%5F/%5F.htaccess%5Ffiles

Thanks

You are able to perform a redirect to static content, like

class ImagesController

  def show

    @image = Image.find(params[:id])

    if user_has_access_to @image

      redirect_to @image.bizarre_and_secret_image_location_that_is_offered_by_apache

    else

      access_refused

    finish

  finish

finish

It does not safeguard content completely, sure. Maybe making the static Web addresses temporary can help:

RewriteRule ^/images/RANDOMIZED_PREFIX_HERE/(.+)$ images/SECRET_IMAGE_LOCATION/$1 [L]

...now alter the .htaccess file hourly. Obviously the applying ought to know the prefix, too.