How to secure images with Rails?

Question

I have a gallery in my rails app that needs to only allow certain images to be shown to specific, logged in users. I am using Paperclip for image processing now, but it saves all images in a public folder available to anyone.

Note that I don't have to use Paperclip if there is a better way, and I already have the login system in place. I just need a way to place the images in a non-public location, but still be able to serve them as needed.

Is it possible to only allow these images to be served to authenticated users?

Answer 1

Here you can find how to change the path of the uploaded pictures. If you have done this. You need to create a controller which serves these static files.

For Example: Paperclip sample app part 2: downloading files through a controller

Is it possible to only allow these images to be served to authenticated users?

Yes, you just need to check if the user is logged in in the controller action responsible for the image.