0

I'm building an application (Rails 3.2.8) where users can upload music tracks and associated clips. While clips can be publicly accessible, tracks can't be accessible without purchasing. I'm using carrierwave for uploading both types of files. However, I do not want to expose the actual track path to the users.

What techniques do such services use to protect against hotlinking and/or unauthorized access to the files?

Currently, the carrierwave path is like:

  def store_dir
    "tracks/#{model.user_id}/"
  end

However, this is very vulnerable. Anyone can easily guess the URL.

For authorised downloading, I can consider:

1. Static download link (this link is valid all the time for that user; however, no guests or other users can use that URL)
2. General temporary links for each download!

Please enlighten me with the ways I can consider (I will study them) so that I can secure the files from downloading without purchases.

4

2 Answers

1

It seems you want both: public for clips and private for tracks. I am also trying to achieve this with the following approach (untested):

def fog_public
  return @job.job_kind == 'public'
end
Answered 2012-11-11T19:37:38.263
0

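S3 allows you to store private files; they will only be available for a given period of time and with an access token.

With carrierwave, you just need to set `fog_public` to false, as described here: https://github.com/jnicklas/carrierwave#using-amazon-s3

Answered 2012-10-09T18:14:07.013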
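
The expiring, token-protected link discussed in the question and the answer above can also be checked on the application side. The following is an added example, not code from the original posts and not the signing scheme S3 or CarrierWave uses; `DownloadToken`, its methods and the secret are hypothetical names, and the ids and timestamps in any call are constructed values.

```ruby
require 'openssl'

# Hypothetical helper (not part of CarrierWave or S3): issues and verifies
# download tokens that are bound to one user and one track and that expire.
module DownloadToken
  # Assumption: in a real app this comes from server-side configuration.
  SECRET = 'constructed-demo-secret'

  module_function

  def sign(payload)
    OpenSSL::HMAC.hexdigest('SHA256', SECRET, payload)
  end

  # Token layout: "<user_id>.<track_id>.<expires_epoch>.<hmac>"
  def issue(user_id, track_id, ttl: 300, now: Time.now.to_i)
    payload = [user_id, track_id, now + ttl].join('.')
    "#{payload}.#{sign(payload)}"
  end

  # Constant-time comparison so the MAC check does not leak how many
  # leading characters matched.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # Returns :ok or a symbol naming the reason for refusal.
  def verify(token, user_id, track_id, now: Time.now.to_i)
    parts = token.to_s.split('.')
    return :malformed unless parts.length == 4
    uid, tid, expires, mac = parts
    # Check the signature first: nothing else in the token is trusted before it.
    return :bad_signature unless secure_equal?(sign([uid, tid, expires].join('.')), mac)
    return :wrong_user unless uid == user_id.to_s    # link shared with another account
    return :wrong_track unless tid == track_id.to_s  # token reused for a different file
    return :expired if now > expires.to_i
    :ok
  end
end
```

A controller would call `verify` with the logged-in user's id and the requested track, and stream the file (or redirect to the storage provider's own signed URL) only on `:ok`, so the stored path never has to be guessable or public.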