Help me understand Rails authentication with respect to resources like SWFs
I am a Rails noob. I am having a problem with the concept of how assets work on an authenticated system.
All the tutorials I've seen so far are about putting your SWFs in a shared folder and embedding them in your view. However, the SWF I am using is a flexible GUI that should only be used by users who are logged in through quiet authentication. I believe that including the GUI in the shared folder will defeat the goals of creating an authentication system.
So what is everyone doing to restrict access to this static content?
You want to be a little careful here. If your system is properly secured, an unauthenticated user who has a Flex GUI cannot use it, right? It must also be registered. So, is there any reason not to let any user download the SWF file?
If having the SWF file is by itself enough "authentication" to use the site, you have a security hole. Consider:
a) A user can provide a copy of the downloaded SWF file to someone else who could use it, even if they were unable to download it from your site.
b) The Flex GUI uses HTTP to communicate with your site, to retrieve data, and to send commands. Anyone can write a program or use other means to send the same HTTP requests without using the Flex GUI.
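The answer's point, that the server has to check every request because holding the SWF proves nothing, shown as an added example (not code from the original post). It is a dependency-free Rack-style app in plain Ruby; the routes `/gui.swf`, `/login` and `/data`, the `request` helper, the pre-parsed `params` key and the sample account are all assumptions made for illustration.

```ruby
require "securerandom"

# Constructed sample data; a real app stores password hashes, not plaintext.
USERS    = { "alice" => "correct horse" }.freeze
RECORDS  = '{"orders":[1,2,3]}'
SESSIONS = {} # server-side session store: token => username

# Rack-style callable: env hash in, [status, headers, body] out.
APP = lambda do |env|
  params = env["params"] || {} # assumption: params already parsed
  token  = env["HTTP_COOKIE"].to_s[/session=(\h+)/, 1]
  user   = SESSIONS[token]     # nil unless the server issued this token

  case env["PATH_INFO"]
  when "/gui.swf"
    # The client is public: anyone may download it, and it grants nothing.
    [200, { "Content-Type" => "application/x-shockwave-flash" }, ["<swf bytes>"]]
  when "/login"
    name = params["user"]
    if USERS.key?(name) && USERS[name] == params["password"]
      new_token = SecureRandom.hex(16)
      SESSIONS[new_token] = name
      [200, { "Set-Cookie" => "session=#{new_token}; HttpOnly" }, ["ok"]]
    else
      [401, {}, ["bad credentials"]]
    end
  when "/data"
    # Enforced here, on the server, whatever program sent the request.
    user ? [200, { "Content-Type" => "application/json" }, [RECORDS]] : [401, {}, ["login required"]]
  else
    [404, {}, ["not found"]]
  end
end

# Hypothetical helper that builds the env a client's HTTP request would produce.
def request(path, cookie: nil, params: {})
  APP.call("PATH_INFO" => path, "HTTP_COOKIE" => cookie, "params" => params)
end
```

A copied SWF or a hand-written HTTP client reaches `/data` through the same session check as the real GUI, so neither of the answer's cases (a) and (b) gets data without logging in.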