On Fri, 2007-05-18 at 10:05 +0000, Guyon Morée wrote:
> Hi all,
>
> The django docs tell me I'm better off serving my static files through
> a webserver instead of django itself. This is fine, but it gives me a
> design problem.
>
> I'm letting my users upload files to my server through django. The
> filepaths are stored in a table. The files are accessible to my
> webserver for static serving. The only problem I have now is securing
> them.
>
> user A uploads file 1 to /static_files/file1.jpg
> user B uploads file 2 to /static_files/file2.jpg
>
> now, user B can access /static_files/file1.jpg
>
> One 'solution' I thought of was making the filename totally
> unguessable like $52345$#%3743&.jpg or something like that, but that
> seems kind of ugly.

Ask yourself the broader question (i.e. solve the simpler problem first): how would you do this if Django wasn't involved? If you were somehow storing user files on the disk and letting users request them, without going through any CGI-like interface (since you apparently want to serve them as static pages), how are you going to secure the files?

Then work that solution back into your Django app. It may well turn out that you can't do it with the standard FileField, since that isn't designed for per-user access permissions.

Regards,
Malcolm
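
The per-user decision this thread is about, as an added example that is not part of either message and is not Django code: before a file under /static_files/ is handed out, the requested path is normalized and looked up in the table of upload paths, and anything that is not owned by the requesting user is denied. The table name `uploads`, its two columns, and the function names are assumptions made for the illustration; the sample rows are constructed from the two uploads in the question.

```python
import posixpath
import sqlite3

STATIC_PREFIX = "/static_files/"  # URL prefix taken from the thread


def build_upload_table(rows):
    """In-memory stand-in for the table of upload paths (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE uploads (path TEXT PRIMARY KEY, owner TEXT NOT NULL)")
    db.executemany("INSERT INTO uploads (path, owner) VALUES (?, ?)", rows)
    return db


def may_serve(db, user, requested_path):
    """Return True only if `user` owns the upload stored at `requested_path`."""
    if user is None:
        return False  # anonymous requests never get an uploaded file
    # Collapse "." and ".." segments so the lookup sees the same path
    # the file server would end up opening.
    normalized = posixpath.normpath(requested_path)
    if not normalized.startswith(STATIC_PREFIX):
        return False
    row = db.execute(
        "SELECT owner FROM uploads WHERE path = ?", (normalized,)
    ).fetchone()
    # Unknown path and wrong owner get the same answer: default deny.
    return row is not None and row[0] == user


# Constructed sample data mirroring the two uploads in the question.
SAMPLE_UPLOADS = [
    ("/static_files/file1.jpg", "A"),
    ("/static_files/file2.jpg", "B"),
]

if __name__ == "__main__":
    db = build_upload_table(SAMPLE_UPLOADS)
    requests = [
        ("A", "/static_files/file1.jpg"),
        ("B", "/static_files/file1.jpg"),
        ("B", "/static_files/../static_files/file2.jpg"),
    ]
    for user, path in requests:
        verdict = "allow" if may_serve(db, user, path) else "deny"
        print(user, path, "->", verdict)
```

The check only has an effect if the files cannot also be fetched from a location the web server exposes without asking it.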