2

This is a simple question but I can't seem to find an answer for it anywhere. If you store some files (say some static PDFs) in your public directory, is there a way that someone who isn't authorized to view those files can view them by typing in a URL like example.com/public/static_document.pdf? If so, can you disable this in Rails?

ab217
This may be useful to your use case: http://stackoverflow.com/questions/2143300/protecting-the-content-of-public-in-a-rails-app – Nerian Jun 29 '12 at 20:55

2 Answers

2

The public is definitely public and open to people guessing the URL.

Check out Ruby On Rails - Securing Downloads Area for someone else asking similar.

I store these generally in Rails.root/secure_files and then use send_file in the Controller to authorize and send these files.

Jesse Wolgamott
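The approach in the answer above (files kept in Rails.root/secure_files and served with send_file after an authorization check), as an added example that is not part of the original answer. The `SecureFiles` module, the `DocumentsController` name, the `require_login` filter and the route are assumptions for illustration; the resolver also rejects `../` segments and symlinks that point outside the private directory.

```ruby
require "pathname"

# Maps a user-supplied filename to a file inside a private directory
# that lives outside public/ (Rails.root/secure_files in the answer).
module SecureFiles
  class NotFound < StandardError; end

  def self.resolve(root, name)
    root = Pathname.new(root).realpath
    # Keep only the last path component, so "../x" and "/etc/x" cannot leave root.
    candidate = root.join(File.basename(name.to_s))
    raise NotFound unless candidate.file?
    # realpath follows symlinks; the final target must still be under root.
    real = candidate.realpath
    raise NotFound unless real.to_s.start_with?(root.to_s + File::SEPARATOR)
    real
  rescue ArgumentError, Errno::ENOENT
    # Null bytes in the name, or a path that vanished, are treated as "not found".
    raise NotFound
  end
end

# Assumed route (the constraint lets the segment contain dots such as ".pdf"):
#   get "documents/:filename", to: "documents#show",
#       constraints: { filename: /[^\/]+/ }, format: false
#
# Defined only when Rails is loaded, so this file also runs as plain Ruby.
if defined?(ApplicationController)
  class DocumentsController < ApplicationController
    # Hypothetical filter: replace with your application's authentication
    # and per-document authorization check.
    before_action :require_login

    def show
      path = SecureFiles.resolve(Rails.root.join("secure_files"), params[:filename])
      send_file path.to_s, disposition: "attachment"
    rescue SecureFiles::NotFound
      head :not_found
    end
  end
end
```

Because the files never sit under public/, the web server cannot serve them directly; every download passes through the controller's filter first.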
0

The public folder contains the static files and compiled assets for the client to read. The folder by default is accessible to anyone visiting your site. Test it by typing in a slug of the folder name currently in your public folder.

Kyle C