hi,
ive been researching this and i found the x send file and
x-accel-redirect for nginx. they can be used for downloads, however, can
these be used to render images to a view?
thanks for any help!
--
Posted via http://www.ruby-forum.com/.
cass...@gmail.com wrote:
> Thanks for your reply!
>
> but, can this work to serve the images to the view? that� what I'll
> really nedd, I think I didn't expressed myself well..
>
> thank you!
--
Posted via http://www.ruby-forum.com/.
so instead of putting /path/to/image.jpg into the view, you have
/path/to/image.jpg?timestamp=<timestamp>&token=<token>, where
timestamp = 1.minute.from_now (e.g.), and token =
Digest::SHA1.hexdigest(secret + '/path/to/image.jpg' + timestamp).
thus only someone who knows your secret string gets access to that
image.
Apache Secure Download was inspired by Mongrel Secure Download [2],
a mongrel handler by josh ferguson.
[1] <http://prometheus.rubyforge.org/apache_secure_download/>
[2] <http://rubyforge.org/projects/msecuredownload/>
[3] <http://prometheus.rubyforge.org/mongrel_secure_download-redux/>
cheers
jens
--
Jens Wille, Dipl.-Bibl. (FH)
prometheus - Das verteilte digitale Bildarchiv für Forschung & Lehre
Kunsthistorisches Institut der Universität zu Köln
Albertus-Magnus-Platz, D-50923 Köln
Tel.: +49 (0)221 470-6668, E-Mail: jens....@uni-koeln.de
http://www.prometheus-bildarchiv.de/
the web server, say apache will be the one responsible for serving
images. so after i authenticate a user and check if the user has
permission to view a certain view, the view action will be called with a
url that contains timestamp, secret string, etc..which apache will
compute to see whether or not to serve the images?
What is the purpose of the timestamp?
thanks
> prometheus - Das verteilte digitale Bildarchiv f?schung & Lehre
> Kunsthistorisches Institut der Universit䴠zu
> K?lbertus-Magnus-Platz, D-50923
> K?el.: +49 (0)221 470-6668, E-Mail: jens....@uni-koeln.de
> http://www.prometheus-bildarchiv.de/
--
Posted via http://www.ruby-forum.com/.
Koloa Poipu [2008-02-27 18:20]:
> the web server, say apache will be the one responsible for
> serving images. so after i authenticate a user and check if the
> user has permission to view a certain view, the view action will
> be called with a url that contains timestamp, secret string,
> etc..which apache will compute to see whether or not to serve the
> images?
exactly. your application generates a URL to your resource which
apache will check for validity. only then will apache serve that
resource to the user. hence, your application controls whether to
allow the user access to the resource or not.
> What is the purpose of the timestamp?
the timestamp makes the URL only valid for a certain time. if the
user saves the previously received URL to get access to the resource
again at a later time, the timestamp prevents a successful "stealing".
i suggest you just try Apache Secure Download [1] and see if it
suits your needs ;-) if i can help you make it work, just let me know.
(it's available as a gem from rubyforge -- sudo gem install
apache_secure_download)
[1] <http://prometheus.rubyforge.org/apache_secure_download/>
cheers
jens
--
Jens Wille, Dipl.-Bibl. (FH)
prometheus - Das verteilte digitale Bildarchiv für Forschung & Lehre
Kunsthistorisches Institut der Universität zu Köln
Albertus-Magnus-Platz, D-50923 Köln
Tel.: +49 (0)221 470-6668, E-Mail: jens....@uni-koeln.de
http://www.prometheus-bildarchiv.de/