If you want to prevent hotlinking to your documents or illicit access, then I would suggest writing a view that generates a unique URL per access. For instance, a user hits your view, they get a randomly generated link to access the file. You store that random link in their session as a one-to-one mapping to the pk of the file they want to download -- then you have a url/view that will take that random link and lookup the file. Afterward that random link is purged from their session. Of course, this also means that Django would have to either serve the file itself, or you would have to rename the file on disk after every access .. which would be lame.
On Aug 13, 11:00 am, stupidgeek <thestupidg...@gmail.com> wrote: > Hi there, > > So I'm practically done with my first django site (i've worked with > PHP for years, and I'm so glad I found django), but I am having some > trouble with securing files; let me explain: > > I've written a faculty review system, with tight checks on access for > reviews, based on committees, etc. Each review contains a document, > held by a models.FileField, and I would like to restrict access to the > file; ie not put it under my DocumentRoot (/var/www), so that it can > only be accessed from within django only (and, of course, access will > be limited by my views). > > Is this possible? As far as I understand, when you access a FileField, > you get back the filename, which you then use somehow to link to it. > This of course means that the file must be under the document root, > which doesn't secure it for me (as anyone with the URL will be able to > access it) - this is NOT an option. > > I'd be happy if someone could even link me to relevant docs. > > Thanks, > Brenton. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
