What you want to use is x-sendfile or one of its variants depending on your server.

Here's the Nginx page - http://wiki.nginx.org/NginxXSendfile

Here's where we use it in Satchmo for securing downloadable files:
http://www.bitbucket.org/chris1610/satchmo/src/tip/satchmo/apps/satchmo_store/shop/views/download.py#cl-58

-Chris

On Wed, Apr 14, 2010 at 7:06 PM, Dilan <manatu...@gmail.com> wrote:

> Hi,
>
> I know this isn't a completely django-based question but I thought
> someone might have an idea, whether it uses Django or not.
>
> I am currently using what seems to be the typical django server, which
> has nginx as a front-end that handles static media while proxying all
> other requests to apache. The site I am designing has a lot of plans
> for hosting static media, but it only wants certain users to be able
> to see that media.
>
> As an example, think of a photo album site. I want people to be able
> to upload and store their files, but that no one else should be able
> to see them. Since they are images, it seems I would use nginx to
> deal with the request for any image that is supposed to be displayed.
> The problem I have is that in this method, if someone identifies the
> URL associated with the image, they can send that URL to anyone and
> they could also access that image (since the response is through nginx
> and not apache/django).
>
> I know this might not seem like a big deal, but for the group I am
> working for they only want logged-in users to be able to access these
> types of files.
>
> I have been doing some research, and it seems the most common method
> is to obfuscate the URLs used for these static media to make it
> extremely difficult to identify. Preferably, I can still obfuscate the
> URL, but I still want it if someone tried to directly visit the media
> url, they would get an error message or say they are not authorized to
> view that image.
>
> Another approach that I was suggested but am not fond of is storing
> these types of files in a database.
> Specifically, in my case, most of my
> files are text-based and could be stored in the database. However,
> while I am not an expert on databases, I feel that doing this would be
> a significantly slow and space-consuming method.
>
> -Dilan
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
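
The x-sendfile pattern recommended at the top of this thread, as an added example that is not part of the original messages or of Satchmo's code: the application authorizes the request, then hands the file transfer back to nginx with an X-Accel-Redirect header. The function name, the ownership table, the /protected/ prefix and the nginx location in the comment are assumptions made for illustration.

```python
import posixpath
from urllib.parse import quote

# Assumed nginx side (not from the thread):
#   location /protected/ { internal; alias /srv/private_media/; }
# "internal" means nginx serves this location only for internal redirects
# such as X-Accel-Redirect; a client requesting it directly gets 404.
INTERNAL_PREFIX = "/protected/"

# Constructed sample data: stored file -> owning username (hypothetical).
OWNERS = {"alice/beach.jpg": "alice", "bob/notes.txt": "bob"}


def serve_private(user, rel_path):
    """Decide how the app answers a download request for rel_path.

    user is the authenticated username, or None for an anonymous visitor.
    Returns (status, headers); the body is always empty because nginx
    streams the file itself when it sees X-Accel-Redirect.
    """
    if user is None:
        return 403, {}
    # Collapse "a/../b" style segments, then refuse paths that are
    # absolute or climb out of the media root (defence in depth on top
    # of the ownership lookup below).
    clean = posixpath.normpath(rel_path)
    if clean == ".." or clean.startswith(("/", "../")):
        return 404, {}
    # Same answer for "not yours" and "does not exist", so the response
    # does not reveal which files are stored.
    if OWNERS.get(clean) != user:
        return 404, {}
    # nginx expects an escaped URI in this header.
    return 200, {"X-Accel-Redirect": INTERNAL_PREFIX + quote(clean)}


if __name__ == "__main__":
    for who, path in [("alice", "alice/beach.jpg"),
                      ("bob", "alice/beach.jpg"),
                      (None, "alice/beach.jpg"),
                      ("alice", "alice/../bob/notes.txt")]:
        print(who, path, serve_private(who, path))
```

In a Django view the same header would be set on an empty response object after the login and ownership checks pass.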