Posted almost 5 years ago. Visible to the public.

Secure storage of file attachments [2d]

Read Deliver Paperclip attachments to authorized users only. Implement the tasks in this card using similar techniques, even if you are using Carrierwave instead of Paperclip.

Add the following feature to MovieDB:

  • Actors have a contract document
  • Only users with an admin role are allowed to upload or download contract documents
  • It should be impossible for an unauthorized user to access a contract document, e.g. by guessing the download URL

Create two implementations of this requirement:

  1. Contracts are saved to RAILS_ROOT/public/system, but including a non-guessable secret in their path
  2. Contracts are saved to RAILS_ROOT/storage and can only be downloaded through a controller action that checks authorization

Discuss the pros and cons of both implementation with your mentor. In particular:

  • How much load does each implementation cause on the server?
  • Can you withdraw access permissions from someone who used to have them?

Owner of this card:

Avatar
Henning Koch
Last edit:
3 months ago
by Henning Koch
Posted by Henning Koch to makandra Curriculum
This website uses short-lived cookies to improve usability.
Accept or learn more