What are the Rails/Apache gurus that may determine if it is possible (and just how) to achieve the ability for customers to upload their content to my RoR application however subsequent use of such static content could be:
a) offered by APACHE web server [to prevent the overhead of going via Rails], but b) still wish to have an authentication/authorisation check to happen before they are able to access this content
The constraint is I am on http://dreamhost.com/ shared platform where I've only use of the Apache .htaccess file and that i can't add my very own Apache modules.
You are able to perform a redirect to static content, like
class ImagesController def show @image = Image.find(params[:id]) if user_has_access_to @image redirect_to @image.bizarre_and_secret_image_location_that_is_offered_by_apache else access_refused finish finish finish
It does not safeguard content completely, sure. Maybe making the static Web addresses temporary can help:
RewriteRule ^/images/RANDOMIZED_PREFIX_HERE/(.+)$ images/SECRET_IMAGE_LOCATION/$1 [L]
...now alter the
.htaccess file hourly. Obviously the applying ought to know the prefix, too.