I'm trying to find an answer to a dilemma and I'd like some suggestions.
- Type of app: a web app using Ruby on Rails.
- Issue: product owner wants to minimize access to images for privacy reasons.
- Considerations:
  - Images can be full photos, and are not limited to small icons.
  - Question is specifically about how image files are served to users (i.e., in the `src` attribute of an `<img>` tag).
  - These are not user-submitted images, so users' privacy is not what's at stake here – they're specifically for confidential images that need to be served only to users who have the permissions to see them. The images should be as accessible as the pages that they will appear in.
- Solutions I've come up with:
  - Privacy through obscurity by avoiding identifiable patterns and using very long strings for the image paths. The image files would be publicly available like the vast majority of images on the web, but they'd be nearly impossible to find.
  - Base64 and Data URIs with the encodings either stored on the DB or YML files. A user's access to the file is as private as the user's access to the page where the image is served.
I'm aware of the shortcomings of using Base64 encoding, but if privacy is high enough a priority, they might be compromises.
Any other suggestions?
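
The two options listed in the post, sketched in Ruby as an added example that is not part of the original post. The function names, the `/images` prefix and the sample bytes are assumptions constructed for illustration; the sketch makes the trade-off concrete: the first option stays public to anyone who learns the URL, the second costs about a third more bytes per image.

```ruby
require "securerandom"
require "base64"

# Option 1 from the post: a publicly served file behind a long, patternless path.
# 32 random bytes give a 256-bit name, but nothing checks who is asking:
# the URL itself is the only secret (it can leak via logs, history, sharing).
def opaque_image_path(ext, prefix: "/images") # prefix is a hypothetical location
  "#{prefix}/#{SecureRandom.urlsafe_base64(32)}.#{ext}"
end

# Option 2 from the post: inline the image in the page as a data URI, so the
# bytes are only delivered inside a response that already passed the page's
# own permission check.
def image_data_uri(bytes, mime)
  "data:#{mime};base64,#{Base64.strict_encode64(bytes)}"
end

# Size of the Base64 payload relative to the raw image bytes.
def base64_overhead(bytes)
  Base64.strict_encode64(bytes).bytesize.to_f / bytes.bytesize
end

# Constructed sample: a PNG signature followed by filler, 3000 bytes in total.
SAMPLE_BYTES = ("\x89PNG\r\n\x1a\n".b + ("\x00".b * 2992)).freeze

if __FILE__ == $PROGRAM_NAME
  puts opaque_image_path("png")
  uri = image_data_uri(SAMPLE_BYTES, "image/png")
  puts "data URI length: #{uri.bytesize} bytes for #{SAMPLE_BYTES.bytesize} raw bytes"
  puts format("Base64 overhead: x%.3f", base64_overhead(SAMPLE_BYTES))
end
```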