Welcome Guest | Login

Sending files securely with Ruby on Rails...

Hey all,

Part of the application I'm currently building involves sending files based on authentication... i.e., the user must be logged in and authenticated to download the files. The files are medium-sized (several megabytes) and stored outside of site root.

I know about Rails' send_file but there are some issues with that. Mainly performance concerns, but also there's seemingly a lot involved with setting headers (mime-type, etc.), protecting against site hacking, etc.

From my Googling it appears that using an X-SendFile header is the preferred way to do it... robust, secure, doesn't have Ruby do the heavy lifting...

So my question, I suppose, is... do HostingRails servers support X-SendFile? And if not, does anyone have any good suggestions I should hear?

Thanks,
Luke

Apache mod: http://celebnamer.celebworld.ws/stuff/mod_xsendfile/

2007-01-07 08:48 PM

I don't believe we support it - but I'll look into it and see if there's anything I can do for you to get it installed.  We try not to mess around too much with servers in full production, but I think this one might be able to slide....I'll let you know.  In the mean time plan on using send_file.  Cheers,  ~William

2007-01-08 04:07 PM

Ok - I tried - but it doesn't look like we're going to be able to support this custom apache module on our shared servers - we to keep our modules consistent and we would need to perform a number of tests on X-SendFile to learn more about how much system resources it uses.  Sorry about that - are you able to get send_file working?

2007-01-09 03:44 AM

Yeah, send_file will be fine for now. Thanks for looking into it though! My last host woulda just said, "uhh... no." :-)

Cheers,
Luke

2007-01-09 04:04 PM


Hello Guest! In order to post you must be an active client with us, please log in or sign up today!