Hi, I know this isn't a completely django-based question but I thought someone might have an idea, whether it uses Django or not.
I am currently using what seems to be the typical django server, which has nginx has a front-end that handles static media while proxying all other requests to apache. The site I am designing has a lot of plans for hosting static media, but it only wants certain users to be able to see that media. As an example, think of a photo album site. I want people to be able to upload and store their files, but that no one else should be able to seem them. Since they are images, it seems I would use nginx to deal with the request for any image that is supposed to be displayed. The problem I have is that in this method, if someone identifies the URL associated with the image, they can send that URL to anyone and they could also access that image (since the response is through nginx and not apache/django). I know this might not seem like a big deal, but for the group I am working for they only want logged-in users to be able to access these types of files. I have been doing some research, and it seems the most common method is to obfuscate the URLs used for these static media to make it extremely difficult to identify. Preferably, I can still obfuscate the URL, but I still want it if someone tried to directly visit the media url, they would get an error message or say they are not authorized to view that image. Another approach that I was suggest but am not found of is storing these type of files in database. Specifically, in my case, most of my files are text-based and could be stored in the database. However, while I am not an expert on databases, I feel that doing this would be a significantly slow and space consuming method. -Dilan -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
