The most secure way, in my opinion, is to keep the files in a directory which is not accessible via the webserver and write a wrapper view, which would return the static files if the user within the current session has appropriate permissions.
Regards,
Aidas Bendoraitis aka Archatas

On 5/18/07, Guyon Morée <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> The django docs tell me I'm better off serving my static files through
> a webserver instead of django itself. This is fine, but it gives me a
> design problem.
>
> I'm letting my users upload files to my server through django. The
> filepaths are stored in a table. The files are accessible to my
> webserver for static serving. The only problem I have now is securing
> them.
>
> user A uploads file 1 to /static_files/file1.jpg
> user B uploads file 2 to /static_files/file2.jpg
>
> now, user B can access /static_files/file1.jpg
>
> One 'solution' I thought of was making the filename totally
> unguessable like $52345$#%3743&.jpg or something like that, but that
> seems kind of ugly.
>
> Any ideas?
>
> cheers,
>
> Guyon
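A sketch of the wrapper-view approach suggested in the reply, added here as an example and not code from either poster. The `UPLOADS` table, `PRIVATE_ROOT` location and the function names are assumptions standing in for the real model and settings; the ownership and path checks run without Django, and `serve_upload` shows where they plug into a view.

```python
import os
import tempfile

# Assumption: uploads are stored outside the webserver's document root.
PRIVATE_ROOT = os.path.join(tempfile.gettempdir(), "private_uploads")

# Constructed stand-in for the table of file paths: id -> (owner, relative path)
UPLOADS = {
    1: ("userA", "file1.jpg"),
    2: ("userB", "file2.jpg"),
    3: ("userB", "../../etc/passwd"),  # corrupted row: must never be served
}

class NotFound(Exception):
    """No such upload record."""

class Forbidden(Exception):
    """Record exists but this user may not read it."""

def authorize_path(username, file_id, uploads=UPLOADS, root=PRIVATE_ROOT):
    """Return the absolute path of file_id if username owns it, else raise."""
    row = uploads.get(file_id)
    if row is None:
        raise NotFound(file_id)
    owner, rel_path = row
    if owner != username:
        raise Forbidden(file_id)
    # Resolve symlinks and ".." so a bad stored path cannot leave the root.
    root = os.path.realpath(root)
    full = os.path.realpath(os.path.join(root, rel_path))
    if os.path.commonpath([root, full]) != root:
        raise Forbidden(file_id)
    return full

def serve_upload(request, file_id):
    """Hypothetical Django view: stream the file only to its owner."""
    # Imported lazily so the checks above can be exercised without Django.
    from django.http import FileResponse, Http404
    if not request.user.is_authenticated:
        raise Http404
    try:
        path = authorize_path(request.user.get_username(), int(file_id))
        return FileResponse(open(path, "rb"))
    except (NotFound, Forbidden, FileNotFoundError):
        # Same response for "missing" and "not yours": ids cannot be probed.
        raise Http404
```

Because access is decided per request from the session's user, the stored filename no longer needs to be unguessable.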