On 01/01/16 15:49, Fabio Caritas Barrionuevo da Luz wrote:
A question: are there any plans to also improve MEDIA files (user
uploaded files) in any foreseeable future?
Perhaps this is outside the scope of Django, but I believe Django could
provide by default, any option to get a little more control over who can
and can not access the MEDIA files.
I certainly agree that at least some basic form of access control ought
be provided in core/contrib.
Most Django deployment tutorials with Nginx and Apache that saw out
there do not say anything on the issue of data security.
I believe it is a common use case, that not every file sent by a User
should be available and accessible to anyone on the web.
I was talking with Tom Eastman about a related topic at PyConAU this
year, and I believe the solution is multiple storage engines.
Basically, for each realm of access, have a separate file storage
instance with its own access policy.
We could then register each storage engine we want published with the
static/media server machinery, with its associated policy...
Hmm... I think I've just created myself a new project...
--
Curtis
--
You received this message because you are subscribed to the Google Groups "Django
developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/56864707.5030007%40tinbrain.net.
For more options, visit https://groups.google.com/d/optout.
