Django recommends saving images to the file system since this gives better performance than storing the files in a database. However, I don't see any documentation on how to restrict access to those files by user. If someone knows the URL to your image directory they could possibly view all the content of that directory. If you create a social network or a multi-tenant application, how will you handle this issue?
While writing this up I learned about preventing directory listing; is this secure enough? How about obfuscating file or directory names?
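An added example, not part of the original post: a per-request authorization check for uploaded files, which ties access to the logged-in user rather than to whether the URL can be guessed. The function name `authorize_media_path`, the one-directory-per-owner layout and the owner-only rule are assumptions made for illustration; a Django view would call such a check after authenticating the request and only then return the file.

```python
import tempfile
from pathlib import Path


class AccessDenied(Exception):
    """Raised when the requester may not read the requested file."""


def authorize_media_path(media_root, requester_id, owner_id, filename):
    """Return the file's absolute path if requester_id may read it.

    Assumed layout (hypothetical): <media_root>/<owner_id>/<filename>, with
    media_root kept outside any directory the web server serves directly.
    """
    # Rule 1: owner-only access. An application's own sharing rules
    # (friends, tenant membership) would replace this comparison.
    if requester_id != owner_id:
        raise AccessDenied("not the owner")
    owner_dir = (Path(media_root) / str(owner_id)).resolve()
    candidate = (owner_dir / filename).resolve()
    # Rule 2: the resolved path must stay inside the owner's directory, so
    # "../1/photo.jpg" or an absolute filename cannot reach other files.
    if owner_dir not in candidate.parents:
        raise AccessDenied("path escapes owner directory")
    if not candidate.is_file():
        raise AccessDenied("no such file")
    return candidate


def demo():
    """Build a constructed two-user media tree and try four requests."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        for uid in (1, 2):
            user_dir = Path(root) / str(uid)
            user_dir.mkdir()
            (user_dir / "photo.jpg").write_bytes(b"constructed sample")
        attempts = {  # name: (requester_id, owner_id, filename)
            "owner": (1, 1, "photo.jpg"),
            "other_user": (2, 1, "photo.jpg"),
            "traversal": (2, 2, "../1/photo.jpg"),
            "missing": (1, 1, "nope.jpg"),
        }
        for name, args in attempts.items():
            try:
                authorize_media_path(root, *args)
                results[name] = "allowed"
            except AccessDenied as exc:
                results[name] = f"denied: {exc}"
    return results
```

User 2 is refused user 1's `photo.jpg` even with the exact path, which neither disabling directory listing nor obfuscating names would achieve once a URL leaks.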