Hi there, So I'm practically done with my first django site (i've worked with PHP for years, and I'm so glad I found django), but I am having some trouble with securing files; let me explain:
I've written a faculty review system, with tight checks on access for reviews, based on committees, etc. Each review contains a document, held by a models.FileField, and I would like to restrict access to the file; ie not put it under my DocumentRoot (/var/www), so that it can only be accessed from within django only (and, of course, access will be limited by my views). Is this possible? As far as I understand, when you access a FileField, you get back the filename, which you then use somehow to link to it. This of course means that the file must be under the document root, which doesn't secure it for me (as anyone with the URL will be able to access it) - this is NOT an option. I'd be happy if someone could even link me to relevant docs. Thanks, Brenton. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
