On Wed, Aug 5, 2009 at 7:28 PM, TheIvIaxx<theivi...@gmail.com> wrote: > > Hello, I have a question that probably spans a few different groups. > However I know this setup is familiar withing the django community. > > I have apache handling all django/python stuff and have lighttpd > handling the static content. All is well,works fine and fast. Auth > is my problem on the static stuff. > > With django i can control auth with the built in auth middleware, > however anyone can just type in a url to a static image and get it. > Other than using directory auth on lighty or apache, how would you > control access to the static content without having the user enter > user/pass info every time them went to the site?
For protected static files I actually consider them non static and use a model with a FileField to keep track of them, then a view to output them that has the @login_required decorator. http://dpaste.com/75843/ you can even go so far as to create a tag library for it so it can be used to display in files inline not just for download. This does make things a little slower then just having them served directly, but if your site is for internal company use only the slowdown will be non-significant in my experiance --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
