Thanks, I think this exactly what I need. -Dilan
On Apr 14, 9:06 pm, Chris Moffitt <ch...@moffitts.net> wrote: > What you want to use is x-sendfile or one of it's variants depending on your > server. > > Here's the Nginx page -http://wiki.nginx.org/NginxXSendfile > > Here's where we use it in Satchmo for securing downloadable > files:http://www.bitbucket.org/chris1610/satchmo/src/tip/satchmo/apps/satch... > > -Chris > > On Wed, Apr 14, 2010 at 7:06 PM, Dilan <manatu...@gmail.com> wrote: > > Hi, > > > I know this isn't a completely django-based question but I thought > > someone might have an idea, whether it uses Django or not. > > > I am currently using what seems to be the typical django server, which > > has nginx has a front-end that handles static media while proxying all > > other requests to apache. The site I am designing has a lot of plans > > for hosting static media, but it only wants certain users to be able > > to see that media. > > > As an example, think of a photo album site. I want people to be able > > to upload and store their files, but that no one else should be able > > to seem them. Since they are images, it seems I would use nginx to > > deal with the request for any image that is supposed to be displayed. > > The problem I have is that in this method, if someone identifies the > > URL associated with the image, they can send that URL to anyone and > > they could also access that image (since the response is through nginx > > and not apache/django). > > > I know this might not seem like a big deal, but for the group I am > > working for they only want logged-in users to be able to access these > > types of files. > > > I have been doing some research, and it seems the most common method > > is to obfuscate the URLs used for these static media to make it > > extremely difficult to identify. Preferably, I can still obfuscate the > > URL, but I still want it if someone tried to directly visit the media > > url, they would get an error message or say they are not authorized to > > view that image. > > > Another approach that I was suggest but am not found of is storing > > these type of files in database. Specifically, in my case, most of my > > files are text-based and could be stored in the database. However, > > while I am not an expert on databases, I feel that doing this would be > > a significantly slow and space consuming method. > > > -Dilan > > > -- > > You received this message because you are subscribed to the Google Groups > > "Django users" group. > > To post to this group, send email to django-us...@googlegroups.com. > > To unsubscribe from this group, send email to > > django-users+unsubscr...@googlegroups.com<django-users%2bunsubscr...@googlegroups.com> > > . > > For more options, visit this group at > >http://groups.google.com/group/django-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
