On 8/2/06, Max Sinelnikov <[EMAIL PROTECTED]> wrote: > No, you couldn't. Bobby can upload to this directory, Sussie can upload to > this directory, so Sussie can pass Django authorization with her own > login/password and can download all files. The right way is to serve files > in a directory which is not Apache-accessile as offered by Nebojsa Dordevic.
Ah, you're right -- the Django Apache authentication thing wouldn't work for this case at face value. Still, you could use that auth handler as the foundation for a custom handler, which would check permissions on a per-file basis. Adrian -- Adrian Holovaty holovaty.com | djangoproject.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~----------~----~----~----~------~----~------~--~---
