Given you store files on Amazon S3 and you need to stream those files out to people while you don't want them to be able to distribute the content simply by sharing the S3 URL.

Rails professionals since 2007

Our laser focus on a single technology has made us a leader in this space. Need help?

• We build a solid first version of your product
• We train your development team
• We rescue your project in trouble

Read more Show archive.org snapshot

You could either mark the bucket as private and fetch the appropriate files from S3 to your application server and stream them to the client finally. While this is possible, I'd recommend to use what AWS calls "Query String Authentication" Show archive.org snapshot .

If you're using Paperclip you can chose between two storage adapters (S3 and Fog) that are both capable of handling that for you.
See and documentation Show archive.org snapshot .

irb(main):003:0* your_model.document.public_url
=> "https://your-bucket.s3.amazonaws.com/files//foo/bar/123/456/ab/cd/1/2/3/original/Attachment.pdf"

irb(main):004:0> your_model.document.expiring_url
=> "http://s3-eu-west-1.amazonaws.com/your-bucket/files/foo/bar/123/456/ab/cd/1/2/3/original/Attachment.pdf?AWSAccessKeyId=ABSJASHJK232JAHBS&Signature=V6aJhal2kaB4bxKal23lSMV%2F9w%3D&Expires=1347889426"

The expiring_url method carries out a web service call to S3 to gain the data for AWSAccessKeyId and Signature being used within the URL. So you should not include those links within views but only when the document is requested, i.e. link to attachments/:id and receive + redirect to the expiring_url when the show method of your AttachmentsController.