Hello Brett, If you use nginx you can use the X-Accel-Redirect function. Technicaly, you get the file request on django, you check if the user should have an access to the file and then you send back a header with the filename inside to your instance of NGinx. Nginx then serve the file.
http://stackoverflow.com/questions/263122/custom-http-headers-for-static-files-with-django Have a nice day Brice 2010/2/21 Brett Thomas <brettptho...@gmail.com> > Hey, this is a pretty basic sysadmin question, but seems pretty critical > for django development. What's the best way to limit media on a django site > to certain users? > > A typical example is a photo gallery app. Suppose you are recreating > Flickr, and a user's photos should only be viewable by his/her friends. You > can restrict other users from accessing the django view that presents the > photo. But if the image is on a static media server, the image is still > publicly accessible by its direct URL. > > So, question is: can you add restrictions to a media server connected to > django to say "this image can only be served in a page that was rendered by > a django view"? > > Thanks for the help -- > Brett > > Surprisingly (or not?) Facebook has no such permissions...here's a random > photo from one of my friend's private albums that apparently you can see > without even having a facebook account: > http://photos-f.ak.fbcdn.net/photos-ak-snc1/v2681/23/22/30008/n30008_36329813_2721261.jpg > > > -- blog: http://www.debrice.com project: http://www.kaaloo.com http://www.djangogenerator.com linkedin: http://www.linkedin.com/in/bricepleroy -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
