开发者

Django File Access Security

I want to restrict access to all but a few selected files per a user, but if I type: /media/userdocuments/FILENAME django happily spits back the file for even users who aren't logged in. How can I integrate the permission framework to work around this?

Thanks!

EDIT: I realize that the d开发者_StackOverflowjango development server is insecure, so I guess the question is: How would I do that in a production environment with apache, lighttp, etc.


Use RewriteMap along with a script that connects to Django and verifies permissions, rewriting to a "disallowed" URL on auth failure.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜