Upload file above /public, authenticate before serving?

I have file uploads to the database and stored in a longblob working on
our client extranet, except that it kills mysql/activeRecord on files
bigger than about 200kb. (is there a reason for this - running mysql
5.0.18, lighttpd or webrick on winxp??)

So I’m now thinking about whether it’s possible to do either:

  1. upload a file into #rails_root/some_folder/ instead of
    /public/some_folder, store a reference to the file in the db instead and
    somehow serve it up to authenticated users, or

  2. upload the file into /public/folder but find a way of only serving
    up the files to authenticated users (I’m currently using login_system.rb
    to authenticate users)

anyone have any ideas? I’m stumped…

If you are using lighttpd, there is a secure download mod, so you can
store the files outside public and authenticated users can get a specially
formatted URL with a limited lifetime, and the files get served by the
webserver. If you set the time low, you don’t have to worry about
hot-linking.
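
The approach described in the reply above, sketched as an added example that is not part of the original thread: it assumes the module meant is lighttpd's mod_secdownload with its MD5 token scheme, where the application issues the link only after its own login check. The secret, prefix, timeout and file path are constructed sample values, and `secdownload_valid?` is a hypothetical model of the server-side check, not lighttpd code.

```ruby
require 'digest/md5'

# Constructed sample values. They must match the lighttpd settings
# secdownload.secret, secdownload.uri-prefix and secdownload.timeout;
# secdownload.document-root points at the folder outside /public.
SECRET     = 'example-secret-change-me'
URI_PREFIX = '/dl/'
TIMEOUT    = 60 # seconds

# Build a time-limited URL for a file stored under the protected root.
# Call this only after the user has passed the application's login check.
def secdownload_url(rel_path, now = Time.now)
  # rel_path comes from the db reference; refuse anything that could
  # step outside the protected directory.
  raise ArgumentError, 'path must start with /' unless rel_path.start_with?('/')
  raise ArgumentError, 'path traversal' if rel_path.split('/').include?('..')

  t_hex = format('%08x', now.to_i)                        # issue time, hex
  token = Digest::MD5.hexdigest(SECRET + rel_path + t_hex)
  "#{URI_PREFIX}#{token}/#{t_hex}#{rel_path}"
end

# Model of what the web server does with such a URL: recompute the token
# from the path and timestamp, then enforce the lifetime.
def secdownload_valid?(url, now = Time.now)
  m = url.match(%r{\A#{Regexp.escape(URI_PREFIX)}(\h{32})/(\h{8})(/.*)\z})
  return false unless m

  token, t_hex, rel_path = m.captures
  return false unless Digest::MD5.hexdigest(SECRET + rel_path + t_hex) == token

  (now.to_i - t_hex.to_i(16)).abs <= TIMEOUT
end

if __FILE__ == $PROGRAM_NAME
  issued = Time.now
  url = secdownload_url('/reports/q1.pdf', issued)
  puts url
  puts "valid now:        #{secdownload_valid?(url, issued)}"
  puts "valid after 2min: #{secdownload_valid?(url, issued + 120)}"
end
```

Because the token covers both the path and the issue time, a copied link stops working once the timeout passes, and editing the path or timestamp in the URL invalidates the token.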