Todd O'Bryan wrote: > Part of my webapp will include a place for users to upload files that > they can save on the server. I teach high school, and this is mostly > designed as a way for students to quickly upload files so that they > can transfer them from home to school and vice versa. > > What I don't understand is how, if the files are saved in the local > filesystem and served by Apache, how do I control access to the files > so that only users who should be able to access them can? In other > words, Bobby uploads a file which I save to the server's filesystem. > Bobby should then be able to get access to the file, and since I give > a link to the URL, sure enough, he can. But what's to stop Susie from > figuring out the URL and requesting the same file? > > Am I just missing something basic here?
Groups. If Bobby and Suzie can't see each others files, give them a group each. Make it so each group is bound to a folder; configure apache as follows: http://www.djangoproject.com/documentation/apache_auth/ using DjangoPermissionName to allocate/fake a group. Don't use an apache .group file or you'll have to manage perms in 2 places. cheers Bill --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~----------~----~----~----~------~----~------~--~---