Re: Restrict access to user-uploaded files to authorized users

2013-09-26 Thread Sanjay Bhangar
On Thu, Sep 26, 2013 at 6:54 AM, m1chael wrote: > I think Xsendfile is what you want > > +1. I know the OP said it maybe hard to install apache modules, but I would really try and check with the host, etc. - it should ideally not be such an issue to install mod-xsendfile, and this is exactly the

Re: Restrict access to user-uploaded files to authorized users

2013-09-26 Thread Frank Bieniek
Django filer might be usefull http://django-filer.readthedocs.org/en/latest/secure_downloads.html Am 26.09.13 03:24, schrieb m1chael: I think Xsendfile is what you want On Wed, Sep 25, 2013 at 12:51 PM, Mattias Linnap > wrote: > Are there any obvious solutions

Re: Restrict access to user-uploaded files to authorized users

2013-09-25 Thread m1chael
I think Xsendfile is what you want On Wed, Sep 25, 2013 at 12:51 PM, Mattias Linnap wrote: > > Are there any obvious solutions that I have over looked? Or am I stuck > having to use django to serve the files? > > Depending on the security that you aim to achieve, one option would be to > add a

Re: Restrict access to user-uploaded files to authorized users

2013-09-25 Thread Mattias Linnap
> Are there any obvious solutions that I have over looked? Or am I stuck having to use django to serve the files? Depending on the security that you aim to achieve, one option would be to add a custom file storage implementation that overrides https://github.com/django/django/blob/master/django/c

Re: Restrict access to user-uploaded files to authorized users

2013-09-25 Thread Michael Fladischer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2013-09-24 22:53, J Y wrote: > Are there any obvious solutions that I have over looked? Or am I > stuck having to use django to serve the files? If you have deployed through mod_wsgi: Just serve the files through Apache but restrict access by hav

Re: Restrict access to user-uploaded files to authorized users

2013-09-24 Thread m1chael
mod_xsendfile for apache has worked for me, don't know if it will work for you On Tue, Sep 24, 2013 at 5:08 PM, Simon Charette wrote: > I'm not aware of any solution except serving from Django if you can't > install Apache plugins. > > If you're really stuck with serving large files from Django I

Re: Restrict access to user-uploaded files to authorized users

2013-09-24 Thread Simon Charette
I'm not aware of any solution except serving from Django if you can't install Apache plugins. If you're really stuck with serving large files from Django I'd recommend you streamthe content of the fi

Restrict access to user-uploaded files to authorized users

2013-09-24 Thread J Y
I am buliding a tool that needs to have the ability to allow user to upload a file, and the file should only be accessible by the user who uploaded it. It seems that the MEDIA_ROOT directory must be placed in the public www directory for front end web servers Apache to serve the file, which cu