I would like my users to be able to upload some files which are strictly related to them. The resource is only visible if they authenticate to the web service, so should the file attachment be.
Now with Paperclip I can specify the upload location of the files and even obfuscate the filename like so:
has_attached_file :avatar, {
:url => "/system/:hash.:extension",
:hash_secret => "longSecretString"
}
But still, all files are stored in the same place and by brute-forcing you COULD see files that do not belong to you, even though unlikely.
Is there any way to protect the files from being seen by people that shouldn't?