If you want to use Django user database for HTTP Basic/Digest authentication across static files and other non Django URLs, as well as Django, then you can also use mod_wsgi 2.0 instead of mod_python. See:
http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms When using the mod_python way of doing things, Digest type authentication is not an option where as it is with mod_wsgi (provided you are using Apache 2.2 :-)). The mod_wsgi support for group authorisation also matches better the Apache way of doing things. Graham On Feb 19, 5:55 am, Rajesh Dhawan <[EMAIL PROTECTED]> wrote: > Hi Tim, > > > I've read the docs for authentication but I can't see how I can replicate > > existing functionality I have using php. > > > I have a directory /private on the web server, marked using .htaccess > > and .htpasswd to only allow access if a username is passed. Anything I put > > inside this directory (images, html etc) all require the password before the > > asset can be returned to the browser. > > Firstly, there is a big difference between PHP's filesystem based > architecture and Django's MVC-like one. Assuming that you are > following the Django recommendation of serving your media files > directly through Apache (or another web server), you can continue to > use your .htaccess files at least for your media files. To secure your > Django "views" with authentication, you will need to use Django's > authentication facility. If you want to make Apache use a Django auth > backend, take a look > at:http://www.djangoproject.com/documentation/apache_auth/ > > > > > Is there any way to do this with django auth? I need to have confidence > > that > > nothing can be returned (including direct image urls) from the /private > > directory without login. Can I use http .htaccess style authentication with > > django? > > If you're using the /private filesystem directory to hold just your > media files (i.e. /private/* does not map on to any Django views) > *and* if you're using Apache to server those /private/* media files > directly (i.e. not using Django's static media serving DEVELOPMENT- > ONLY NON-PRODUCTION-USE[1] feature), the .htaccess method of securing > those files will work fine. > > -Rajesh Dhawan > > [1]http://www.djangoproject.com/documentation/static_files/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
