3

Both Rails gems, DragonFly and Paperclip, use the public/system folder to store uploaded files.

As far as I know this folder is accessible by everybody - at least the root files, 404.html or others.

How can I protect these uploaded files? Are there any configuration options available?

I need to process transcoded video files which are generated from user uploads and make them available with some permission checks.

Are there any recommendations?

simonmorley
Volodymyr

1 Answer

1

Not sure about Dragonfly, but you can change the Paperclip file upload options.

Could you use Amazon S3 instead?

Add the following to your environment:

config.paperclip_defaults = {
  :storage => :s3,
  :s3_credentials => {
    :bucket => ENV['AWS_BUCKET'],
    :access_key_id => ENV['AWS_ACCESS_KEY_ID'],
    :secret_access_key => ENV['AWS_SECRET_ACCESS_KEY']
  }
}

Make sure you've got the s3 gem installed by adding this to your gemfile:

gem 'aws-sdk'

Does that help or do you need to keep them on your server to process?

-- edit --

Apparently Heroku recommend using a temp file if you can't use S3. Have a read of this post:

How can I change the upload directory for paperclip on heroku to /tmp?

Community
simonmorley
  • I need to put files on local storage - security requirements. That's the problem here – Volodymyr Dec 19 '12 at 10:51
  • Not too much. Sorry but I need some guide about applying permissions to uploaded files – Volodymyr Dec 19 '12 at 14:20
  • Ok. You might want to consider altering your question a little as it's a bit misleading. Just add that last comment in and someone will pick it up I'm sure. – simonmorley Dec 19 '12 at 14:21
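
For the local-storage requirement raised in the comments, a common approach is to keep uploads in a directory outside public/ and hand them out only through an application action that checks permissions first. The Ruby below is an added example, not code from the thread or from Paperclip or Dragonfly; the `PrivateUploads` class, the ACL hash and the directory layout are hypothetical, and the sample files are constructed.

```ruby
require "pathname"
require "tmpdir"
require "fileutils"

# Hypothetical gate for uploads stored outside public/ (all names are assumptions).
class PrivateUploads
  class Forbidden < StandardError; end
  class NotFound < StandardError; end

  def initialize(root)
    @root = Pathname.new(root).realpath
  end

  # acl maps a relative path to the user ids allowed to read it; it stands in
  # for the application's real permission model.
  def resolve(user_id, relative_path, acl)
    raise Forbidden, "no access" unless acl.fetch(relative_path, []).include?(user_id)

    candidate = @root.join(relative_path)
    raise NotFound, relative_path unless candidate.file?

    real = candidate.realpath # resolves symlinks and ".." segments
    inside = real.to_s.start_with?(@root.to_s + File::SEPARATOR)
    raise Forbidden, "outside storage root" unless inside

    real # a Rails controller action would hand this path to send_file
  end
end

def attempt(store, acl, user_id, path)
  store.resolve(user_id, path, acl).basename.to_s
rescue PrivateUploads::Forbidden, PrivateUploads::NotFound => e
  e.class.name.split("::").last
end

# Constructed demo: a temp dir stands in for a private folder next to public/.
def demo
  Dir.mktmpdir do |dir|
    root = File.join(dir, "private_uploads")
    FileUtils.mkdir_p(File.join(root, "videos"))
    File.write(File.join(root, "videos", "42.mp4"), "transcoded")
    File.write(File.join(dir, "secret.txt"), "not an upload")
    acl = { "videos/42.mp4" => [1], "videos/gone.mp4" => [1], "../secret.txt" => [1] }
    store = PrivateUploads.new(root)
    [[1, "videos/42.mp4"], [2, "videos/42.mp4"], [1, "../secret.txt"],
     [1, "videos/gone.mp4"]].map { |user_id, path| attempt(store, acl, user_id, path) }
  end
end
p demo if $PROGRAM_NAME == __FILE__
```

The containment check runs on the resolved real path, so even a permitted entry that points outside the storage root is refused.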