Ruby On Rails - 保护下载区 [英] Ruby On Rails - Securing Downloads Area

问题描述

如果我将文件上传到我的服务器，从而让客户/客户下载这些文件.如何限制文件的访问?

If I upload files to my server and thus have clients/customers download these files. How may I restrict the access of the file?

例如，如果我将文件上传到 www.domain.com/files/download.zip

Such as, if I upload a file to www.domain.com/files/download.zip

如果用户有正确的权限，他可以下载文件，但如果用户知道文件本身的直接链接怎么办?

And if the user has correct permissions he can download the file, but what if the user knows the direct link to the file itself?

因为我可以想象如果用户无权查看链接，如何不在网站上向用户显示链接，但是我如何防止某人只输入文件位置的直接 URL下载文件?

Cause I can imagine how to not show the link to the user on the site if they don't have permission to see the link, but how do I prevent someone from just typing in the direct URL of the location of the file to download the file?

提前致谢.

推荐答案

如果您想保护这些上传内容，请不要将它们放在 /public 中.将它们保存在 Web 根目录之外的文件夹中，然后使用使用 send_file 允许他们在获得授权的情况下下载文件.

Don't put those uploads in /public if you want to secure them. Keep them in a folder outside of your web root, then have a controller that uses send_file to allow them to download the file if authorized.

这篇关于Ruby On Rails - 保护下载区的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！