On 03/03/10 23:35, Merrick wrote:
I wanted to give users who are authenticated the ability to upload
files, that's the easy part that I can handle.
What I cannot figure out is how to restrict the viewing/downloading of
files.
Links, tips, code are appreciated.
This is become quite the FAQ...
That depends where the files are uploaded, but assuming the out-of-box
django behaviour of putting them somewhere in the filesystem: Basically,
one good option is to do the auth with django, then have django instruct
the hosting web server to send a file to the client as the response from
a restricted location, rather than just exposing the file directly
through the web server without authentication.
You do this by setting certain magic headers, though exactly which one
and what to set it to and what web server config is necessary depends
heavily on what web server you're using. See e.g. a recent thread
regarding "Best practices for restricting media?"
http://groups.google.com/group/django-users/browse_thread/thread/a55b1b827849efee/eec041421c11a167
Which will introduce you to X-Sendfile, X-Accel-Redirect, Location...
Another option is to just serve the file back out through django. Rather
less efficient, but depending on your application, file sizes and load
it may not matter, and is certainly easy to get working...
--
You received this message because you are subscribed to the Google Groups "Django
users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
