AWS S3/Ruby on Rails/ heroku: Security hole in my app

别那么骄傲 2021-01-03 17:10

I have a route in my config which says that for a page, say /secure, there is a login required (done via authlogic). A before_filter in my controller takes care

4 answers
  •  孤街浪徒
    2021-01-03 17:54

    The simplest and easiest solution is just to name your S3 assets with random, unguessable filenames, and then only expose the secret URLs to the people who should have access.

    This is how Facebook photos and many other sites work (there is no privacy or security beyond the obscurity of the individual filenames).
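One way to generate such filenames in Ruby, as an added example that is not part of the original answer. The helper names `unguessable_s3_key` and `unguessable_key?`, the `uploads` prefix and the extension allow-list are assumptions; the name is drawn from `SecureRandom` rather than from a record id, timestamp or hash of the original filename.

```ruby
require "securerandom"

# Extensions we are willing to keep on the stored object (assumed allow-list).
ALLOWED_EXTENSIONS = %w[.jpg .jpeg .png .gif .pdf].freeze

# Build an S3 object key whose name carries 256 bits from the OS CSPRNG.
# Nothing from the uploader's filename survives except an allow-listed
# extension, so the key leaks neither the original name nor a record id.
def unguessable_s3_key(original_filename, prefix: "uploads")
  ext = File.extname(File.basename(original_filename.to_s)).downcase
  ext = "" unless ALLOWED_EXTENSIONS.include?(ext)
  token = SecureRandom.urlsafe_base64(32) # 32 random bytes -> 43 URL-safe chars
  "#{prefix}/#{token}#{ext}"
end

# Format check for keys produced above, e.g. to find legacy objects
# that still have guessable names and need to be renamed.
KEY_FORMAT = %r{\A[a-z0-9_-]+/[A-Za-z0-9_-]{43}(\.[a-z0-9]+)?\z}

def unguessable_key?(key)
  KEY_FORMAT.match?(key)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample filenames.
  ["invoice-2021-0042.pdf", "../../etc/passwd", "photo.JPG", "shell.php"].each do |name|
    puts "#{name.inspect} -> #{unguessable_s3_key(name)}"
  end
end
```

Store the generated key on the record at upload time and look it up from there; the key cannot be recomputed from the filename.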
