This may be posted in the wrong place; if it is, please
accept my apologies.

At the moment I'm designing a web application powered by Django using
either apache or litehttpd as the web server and postgres as the
database.  My problem is that the application requires private folders
for all the logged in users to store their content, and hence my
problem.  I know that you can password protect folders using both
apache and litehttpd however their methods don't seem suitable.  I
need to dynamically add users, and to do this I believe that once
you've edited the .conf files you need to restart the server, or have
special security files scattered across your system protecting the
given folders - this seems very messy and unmanageable.  Additionally
I don't see how I can distribute workloads across different servers.
For example, I'd ideally like a server for running the Django project,
and then a separate server hosting the documents; so I could use
apache for the main django project and then litehttpd for handling the
static content.  I'm just not certain how I can stop users from
changing the url in order to gain access to a different folder, e.g.

myurl.com/user1/docs - user 1 could then change the url to
myurl.com/user2/docs

This would then grant them access to that folder.  If I used the
security file method then how are you supposed to manage a thousand
plus users?

One idea I had was to create a hash based on the user and store that
as the user's folder - it'd be pretty hard guessing 15 character
hashes, and then as a second level of security I could re-hash every X
minutes, where X minutes may equal 1 day.  The downside with this is
that the hash would be stored in the address-bar and therefore reveal
other users' folders.  The only way to prevent this would be using
https, which ideally I wanted to avoid.

Any help would be greatly appreciated.
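
The following is an added example, not part of the original post: a framework-independent sketch of checking folder ownership against the logged-in session rather than the URL, plus an expiring HMAC-signed link that a separate document server could verify. The function names, `SECRET_KEY` and the sample paths are assumptions made for illustration.

```python
import hashlib
import hmac
import posixpath
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: secret shared by app and file server
LIFETIME = 24 * 60 * 60               # the post's "X minutes", here one day


def resolve_user_path(session_user, url_path):
    """Return the path inside the user's folder, or None if url_path
    points anywhere other than the logged-in user's own folder."""
    # Collapse "..", "." and repeated slashes before looking at the owner.
    parts = posixpath.normpath("/" + url_path).strip("/").split("/")
    if len(parts) < 2 or parts[0] != session_user:
        return None
    return "/".join(parts[1:])


def _mac(user, rel_path, expires):
    # The signature covers owner, file and expiry, so none can be swapped.
    msg = "\n".join([user, rel_path, str(expires)]).encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def sign_download(user, rel_path, now=None):
    """App server: issue (expires, sig) for one file of one user."""
    expires = int(time.time() if now is None else now) + LIFETIME
    return expires, _mac(user, rel_path, expires)


def verify_download(user, rel_path, expires, sig, now=None):
    """File server: accept only an unexpired, untampered link."""
    try:
        expires = int(expires)
    except (TypeError, ValueError):
        return False
    now = int(time.time() if now is None else now)
    expected = _mac(user, rel_path, expires).encode()
    return hmac.compare_digest(expected, str(sig).encode()) and now <= expires
```

The app server would call `resolve_user_path` with the username taken from the authenticated session, then pass the result to `sign_download`; the document server only needs `verify_download` and the shared key.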

