Django File Access Security
I want to restrict access to all but a few selected files per a user, but if I type: /media/userdocuments/FILENAME django happily spits back the file for even users who aren't logged in. How can I integrate the permission framework to work around this?
Thanks!
EDIT: I realize that the d开发者_StackOverflowjango development server is insecure, so I guess the question is: How would I do that in a production environment with apache, lighttp, etc.
Use RewriteMap
along with a script that connects to Django and verifies permissions, rewriting to a "disallowed" URL on auth failure.
精彩评论