Ruby on Rails Friday, September 30, 2011

On Sep 30, 2011, at 4:26 PM, Garrett S. wrote:

> I think I like what you're saying, but the only problem I have with it
> is controlling access to the paperclip url. This may mean I just don't
> understand how the paperclip urls work. But I'm also trying to ensure
> that only the user who uploaded it can access it. I wasn't sure if I
> would be able to control this once a url for an audio file was exposed.

That's the beauty of how this works. When you save the file to S3, you have two basic options. Usually, you want these to be world-readable, so you pass

:s3_permissions => :public

in your has_attached_file call.

But if you pass :private instead, then the file can only be accessed through your S3 credentials. Okay, now only your app can read it. But that's what the expiring_url method is for. That gins up a one-time token that expires in N minutes, and allows one download during that window, after which it simply won't work at all. Your keys are used to create this token, but it's a one-way hash so you don't have any leakage possible of your actual credentials.

Walter
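An added example, not part of the original thread or of Paperclip's code: a sketch of how a query-string-signed S3 URL of that era (legacy Signature Version 2, HMAC-SHA1) is built and checked. The credentials, bucket path and the `presign` / `valid?` helper names are constructed for illustration, and the check is a simplified model of the server side: it recomputes the HMAC and compares the expiry, with no per-URL state.

```ruby
require "openssl"
require "uri"

# Constructed credentials and object path, for illustration only.
ACCESS_KEY = "AKIDEXAMPLE"
SECRET_KEY = "constructed-secret-key"
RESOURCE   = "/example-bucket/audio/1/track.mp3"

# SigV2 string-to-sign for a plain GET: verb, Content-MD5 (empty),
# Content-Type (empty), Expires, canonical resource.
def sign(secret, resource, expires)
  string_to_sign = "GET\n\n\n#{expires}\n#{resource}"
  digest = OpenSSL::HMAC.digest("SHA1", secret, string_to_sign)
  [digest].pack("m0") # strict Base64, no newlines
end

# Build the signed URL path; `now` is epoch seconds, `ttl` is in seconds.
def presign(resource, ttl, now)
  expires = now + ttl
  sig = URI.encode_www_form_component(sign(SECRET_KEY, resource, expires))
  "#{resource}?AWSAccessKeyId=#{ACCESS_KEY}&Expires=#{expires}&Signature=#{sig}"
end

# Simplified model of the storage side: recompute the HMAC over the
# requested path and the presented Expires, then check the clock.
# Nothing is recorded per URL, so the answer is the same for every
# request made before the expiry time.
def valid?(url, now)
  path, query = url.split("?", 2)
  params  = URI.decode_www_form(query.to_s).to_h
  expires = params["Expires"].to_i
  given   = params["Signature"].to_s
  return false unless OpenSSL.secure_compare(given, sign(SECRET_KEY, path, expires))
  now <= expires
end

if __FILE__ == $PROGRAM_NAME
  now = 1_317_400_000 # constructed timestamp
  url = presign(RESOURCE, 600, now)
  puts url
  puts valid?(url, now + 60)   # inside the window
  puts valid?(url, now + 601)  # after expiry
end
```

Because the check depends only on the signature and the expiry, generate the URL after the app's own ownership check for the requesting user and keep the TTL short. The secret key never appears in the URL; only the access key id, the expiry and the HMAC do.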


--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
