On 20/05/2010 11:00am, Lee Hinde wrote:
> I'm working on an intranet app for a client that will have file uploads.
> I'm early in the process, but have the uploading working just fine via
> admin.
>
> Once we get to deployment, I'm unclear on how to coordinate the security
> that Django will know about (group X has access to X's files, but not
> group Y's).
>
> When I poke around for discussions on protecting uploaded files, the
> most recent and seemingly on point discussion is here:
> http://stackoverflow.com/questions/2780893/django-authentication-htaccess-static
>
> Which is basically suggesting that one hash the name and hope that
> no-one guesses the resulting path.
>
> What's best practice here?

If it has to be secure rather than just wishful thinking, the webserver
must demand credentials. If you are using Apache, that means .htaccess
files which point to a list of credentials for each group.

Maybe you could obtain a Django authentication backend which Apache can
use as well? On an intranet you should be able to access LDAP
connectivity somewhere - Microsoft AD, Novell eDirectory or Linux LDAP.

I'm very interested in your progress here because I have to travel this
road in the medium-term future.

I have done a test implementation of Peter Herndon's django-ldap-groups
with eDir and one of the next steps for me is to look at the Apache LDAP
docs.

http://code.google.com/p/django-ldap-groups/

Good luck

Mike

> Thanks.
> - Lee

--
You received this message because you are subscribed to the Google
Groups "Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
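
An added example, not code from either poster or from django-ldap-groups: the access decision the thread is asking for (group X may read X's files but not group Y's), written as a deny-by-default check on the normalised path instead of relying on an unguessable file name. The upload layout `<root>/<group>/<file>`, the root path and the function names are assumptions made for the illustration.

```python
import posixpath

# Assumed layout (not from the thread): each upload is stored as
# <MEDIA_ROOT>/<group-name>/<file>, so the first component names the owner.
MEDIA_ROOT = "/srv/intranet/uploads"  # hypothetical path


def owning_group(requested, media_root=MEDIA_ROOT):
    """Return the group owning `requested` (a path relative to the upload
    root), or None if the path is malformed or escapes the root."""
    if not requested or "\x00" in requested or "\\" in requested:
        return None
    # Collapse "." and ".." first; the decision is made on the path that
    # would actually be opened, never on the raw request string.
    full = posixpath.normpath(posixpath.join(media_root, requested.lstrip("/")))
    root = media_root.rstrip("/") + "/"
    if not full.startswith(root):
        return None
    parts = full[len(root):].split("/")
    # Require at least <group>/<file>; a bare group directory is not a file.
    if len(parts) < 2:
        return None
    return parts[0]


def may_download(is_authenticated, user_groups, requested, media_root=MEDIA_ROOT):
    """Deny by default: allow only an authenticated user who is a member of
    the group that owns the normalised path."""
    if not is_authenticated:
        return False
    group = owning_group(requested, media_root)
    return group is not None and group in set(user_groups)


if __name__ == "__main__":
    # Constructed requests from a user who belongs only to "groupx".
    for path in ("groupx/report.pdf",
                 "groupy/secret.pdf",
                 "groupx/../groupy/secret.pdf",
                 "../../etc/passwd"):
        print(path, "->", may_download(True, ["groupx"], path))
```

In a Django view the inputs would come from `request.user.is_authenticated` and the names of `request.user.groups`; the web server must not expose the upload directory directly, or this check is bypassed.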