alain31 wrote:
> Hello,
> If I use pictures in a Django project that only some users can see
> (based on Django's authentication middleware and special
> attributes),
> I cannot use static files as anybody could browse http://mediaurl/(...).jpg
> and access private photos.
> I thought to write a Django view that returns a MIME image from a safe
> dir and test user permission in that view. As this seems quite
> common, I wondered if there is a clean way to do this and an out-of-
> the-box solution available (a ProtectedImageField for example)?

Use the X-Sendfile header (supported by Apache and Lighttpd) or the
X-Accel-Redirect header (supported by nginx). Here's a starting point
for Lighttpd:

http://blog.lighttpd.net/articles/2006/07/02/x-sendfile

In short, your Django file-serving view checks the logged-in user's
auth permissions to the given file, and sends an empty response back
with the X-Sendfile header. This directs your web server to stream
that file directly to the user from the file system. You can protect
the root of this directory from being served directly with a suitable
web server configuration for that Location or Directory.

-Rajesh D
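
The flow described in the reply above, as an added example that is not part of the original post: a framework-independent helper that does the permission check, rejects paths that would leave the protected directory, and builds the headers for the empty response. `PROTECTED_ROOT`, `INTERNAL_PREFIX`, `ACL` and both function names are assumptions made for illustration.

```python
import mimetypes
import posixpath
from urllib.parse import quote

PROTECTED_ROOT = "/srv/private_media"  # assumed path; the web server must not serve it directly
INTERNAL_PREFIX = "/protected/"        # assumed nginx location declared `internal`
# Constructed sample permissions: relative file path -> users allowed to view it
ACL = {"albums/42/beach.jpg": {"alice"}}


def safe_relative_path(requested):
    """Normalize a client-supplied path; return None if it could leave the root."""
    if not requested or "\x00" in requested or "\\" in requested or requested.startswith("/"):
        return None
    norm = posixpath.normpath(requested)
    if norm in (".", "..") or norm.startswith("../"):
        return None
    return norm


def protected_file_response(username, requested, backend="x-sendfile"):
    """Return (status, headers) for the body-less response the view sends back."""
    if backend not in ("x-sendfile", "x-accel-redirect"):
        raise ValueError("unknown backend: %r" % backend)
    rel = safe_relative_path(requested)
    if rel is None:
        return 400, {}
    # Same answer for "not logged in", "not permitted" and "no such file",
    # so the response does not reveal which private files exist.
    if username is None or username not in ACL.get(rel, set()):
        return 403, {}
    headers = {
        # Set the type explicitly; otherwise the framework's default type
        # for the empty response may be sent along with the image.
        "Content-Type": mimetypes.guess_type(rel)[0] or "application/octet-stream",
        "Cache-Control": "private",  # keep shared caches from storing private photos
    }
    if backend == "x-sendfile":
        headers["X-Sendfile"] = posixpath.join(PROTECTED_ROOT, rel)
    else:
        headers["X-Accel-Redirect"] = INTERNAL_PREFIX + quote(rel)
    return 200, headers
```

In a Django view, pass the logged-in user's name and the path captured from the URL, then copy the returned status and headers onto an empty `HttpResponse`.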

