问题描述
这是一个故事:
- 用户 A 应该能够上传图片.
- 用户 A 应该能够设置隐私.(公共"或私人").
- 用户 B 不应能够访问用户 A 的私人"图像.
我打算使用 Paperclip 来处理上传.
I'm planning to user Paperclip for dealing with uploads.
如果我将图像存储在RAILS_ROOT/public/images"下,任何能猜到文件名的人都可以访问这些文件.(例如,访问 http://example.com/public/images/uploads/john/family.png )
If I store the images under "RAILS_ROOT/public/images", anyone who could guess the name of the files might access the files. (e.g., accessing http://example.com/public/images/uploads/john/family.png )
我需要使用 img
标签显示图像,所以我不能放置除 public
之外的文件.
I need to show the images using img
tags, so I cannot place a file except public
.
如何确保其他人无法访问用户或群组的图像?
How can I ensure that images of a user or group is not accessible by others?
(如果我不能用 Paperclip 做到这一点,什么是好的解决方案?)
(If I cannot achieve this with Paperclip, what is a good solution?)
推荐答案
我希望 Paperclip 在后端使用 S3,将上传的文件设置为私有,然后使用查询字符串请求身份验证替代"生成 URL我的图像标签.
I would have Paperclip use S3 on the back-end, set uploaded files to private, and then use "Query String Request Authentication Alternative" to generate the URLs for my image tags.
http://docs.amazonwebservices.com/AmazonS3/2006-03-01/index.html?RESTAuthentication.html
这篇关于如何在 Ruby on Rails 中存储私人图片和视频的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!