问题
If I upload files to my server and thus have clients/customers download these files. How may I restrict the access of the file?
Such as, if I upload a file to www.domain.com/files/download.zip
And if the user has correct permissions he can download the file, but what if the user knows the direct link to the file itself?
Cause I can imagine how to not show the link to the user on the site if they don't have permission to see the link, but how do I prevent someone from just typing in the direct URL of the location of the file to download the file?
Thanks in advance.
回答1:
Don't put those uploads in /public if you want to secure them. Keep them in a folder outside of your web root, then have a controller that uses send_file to allow them to download the file if authorized.
来源:https://stackoverflow.com/questions/3893935/ruby-on-rails-securing-downloads-area