You probably want to implement this with X-Sendfile (or X-Accel-Redirect for Nginx) headers. Those tell the frontend server to serve a specific file.
This explains it a bit. http://stackoverflow.com/questions/1156246/having-django-serve-downloadable-files By googling you will find many examples. Tino On Tuesday, May 1, 2012 4:47:58 PM UTC+2, Kurtis wrote: > > You could use a pseudo-random filename so that it's very unlikely people > will be able to easily find other's photos. > > If you're very concerned with users being authenticated before viewing the > media (which to me, sounds like there won't be a huge load on that segment > of your web application) then you can easily use Django to simply store the > files to a private directory and let Django handle serving the images. It's > not the most efficient technique in terms of speed but it's a reasonable > compromise for the security you're looking for. > > On Tue, May 1, 2012 at 4:23 AM, Nenad Cikic <nenad.ci...@gmail.com> wrote: > >> Hello, >> how can i serve the file uploaded files (images)? What I mean I have few >> model with images, and I see images in the change form. >> The problem is that I can see the same images by writing directly the >> media path in the web address. And since the model is designed to have data >> split between the users I do not want the images to be seen that way. >> I have looked and found >> >> https://docs.djangoproject.com/en/dev/howto/static-files/?from=olddocs#staticfiles-other-directories >> What I have done is to add to the url the following >> url(r'^media/(?P<path>.*)$', "registracija.views.myuploadedfileview", >> {'document_root': settings.MEDIA_ROOT,}), >> >> and then the view is something as: >> #parse the request and try to undestand if the image is mine >> if yes: >> return serve(request, path, document_root, show_indexes) >> else: >> return HttpResponseNotFound() >> >> This is working; what bothers me is that the serve function is, as in >> docs, stated to be used only in development. >> But if I serve the images directly by the web server, would I bypass my >> security checks? >> Is there any other way to achieve my means? >> Thanks >> Nenad >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django users" group. >> To view this discussion on the web visit >> https://groups.google.com/d/msg/django-users/-/qJAqbma_ZdAJ. >> To post to this group, send email to django-users@googlegroups.com. >> To unsubscribe from this group, send email to >> django-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/django-users?hl=en. >> > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/vN8fm7ylyrEJ. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
