This is a simple question but I can't seem to find an answer for it anywhere. If you store some files (say some static PDFs) in your public directory, is there a way that someone who isn't authorized to view those files, can view them by typing in a url like example.com/public/static_document.pdf? If so, can you disable this in Rails?
可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
回答1:
The public is definitely public and open to people guessing the URL.
Check out Ruby On Rails - Securing Downloads Area for someone else asking similar.
I store these generally in Rails.root/secure_files and then use send_file in the Controller to authorize and send these files.
回答2:
The public folder contains the static files and compiled assets for the client to read. The folder by default is accessible to anyone visiting your site. Test it by typing in a slug of the folder name currently in your public folder.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 冷血范 的文章《Are files in public folder accessible to outside w》','https://www.manongdao.com/article-879018.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}