Re: Authentication Question

2008-02-18 Thread Graham Dumpleton

If you want to use the Django user database for HTTP Basic/Digest
authentication across static files and other non Django URLs, as well
as Django, then you can also use mod_wsgi 2.0 instead of mod_python.
See:

  http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms

When using the mod_python way of doing things, Digest type
authentication is not an option, whereas it is with mod_wsgi (provided
you are using Apache 2.2 :-)). The mod_wsgi support for group
authorisation also matches better the Apache way of doing things.

Graham

On Feb 19, 5:55 am, Rajesh Dhawan <[EMAIL PROTECTED]> wrote:
> Hi Tim,
>
> > I've read the docs for authentication but I can't see how I can replicate
> > existing functionality I have using php.
>
> > I have a directory /private on the web server, marked using .htaccess
> > and .htpasswd to only allow access if a username is passed.  Anything I put
> > inside this directory (images, html etc) all require the password before the
> > asset can be returned to the browser.
>
> Firstly, there is a big difference between PHP's filesystem based
> architecture and Django's MVC-like one. Assuming that you are
> following the Django recommendation of serving your media files
> directly through Apache (or another web server), you can continue to
> use your .htaccess files at least for your media files. To secure your
> Django "views" with authentication, you will need to use Django's
> authentication facility. If you want to make Apache use a Django auth
> backend, take a look at:
> http://www.djangoproject.com/documentation/apache_auth/
>
>
>
> > Is there any way to do this with django auth?  I need to have confidence that
> > nothing can be returned (including direct image urls) from the /private
> > directory without login.  Can I use http .htaccess style authentication with
> > django?
>
> If you're using the /private filesystem directory to hold just your
> media files (i.e. /private/* does not map on to any Django views)
> *and* if you're using Apache to serve those /private/* media files
> directly (i.e. not using Django's static media serving DEVELOPMENT-
> ONLY NON-PRODUCTION-USE[1] feature), the .htaccess method of securing
> those files will work fine.
>
> -Rajesh Dhawan
>
> [1] http://www.djangoproject.com/documentation/static_files/
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---
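
Added example, not part of the original thread and not mod_wsgi's or Django's own code: an auth script of the kind mod_wsgi's access control mechanism (referred to in the message above) loads for HTTP Basic authentication and group authorisation. The in-memory `USERS` store and its PBKDF2 hashing are constructed stand-ins for the Django user database, and the script path in the comment is a placeholder.

```python
# Apache 2.2 side (directives from mod_wsgi; the path is a placeholder):
#   AuthType Basic
#   AuthBasicProvider wsgi
#   WSGIAuthUserScript  /path/to/auth.wsgi
#   WSGIAuthGroupScript /path/to/auth.wsgi
#   Require group private
import hashlib
import hmac

ITERATIONS = 100_000


def _record(password, salt, active, groups):
    """Build one constructed user record with a salted PBKDF2 digest."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "digest": digest, "active": active, "groups": groups}


# Constructed sample data standing in for the Django user table (assumption).
USERS = {
    "tim": _record("correct horse", b"constructed-salt-1", True, ["private"]),
    "old": _record("retired", b"constructed-salt-2", False, ["private"]),
}


def check_password(environ, user, password):
    """Hook called by mod_wsgi for Basic auth.

    True  -> user exists and the password matches
    False -> user exists but must be rejected
    None  -> user unknown to this provider
    """
    rec = USERS.get(user)
    if rec is None:
        return None
    if not rec["active"]:
        return False  # disabled accounts never authenticate
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), rec["salt"], ITERATIONS
    )
    # Constant-time comparison avoids leaking digest prefixes via timing.
    return hmac.compare_digest(candidate, rec["digest"])


def groups_for_user(environ, user):
    """Hook called by mod_wsgi to evaluate 'Require group ...'."""
    rec = USERS.get(user)
    if rec is None or not rec["active"]:
        return []
    return list(rec["groups"])
```

Because Apache enforces these hooks before any handler runs, the same check covers static files under the protected location as well as the Django application.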



Re: Authentication Question

2008-02-18 Thread Tim Sawyer

On Monday 18 Feb 2008, Rajesh Dhawan wrote:
> If you want to make Apache use a Django auth backend, 
> take a look at: 
> http://www.djangoproject.com/documentation/apache_auth/

Thanks Rajesh, I think this is exactly what I was fumbling towards!  
(Excellent analysis of my non-MVC ramblings as well, bravo)

Cheers,

Tim.




Re: Authentication Question

2008-02-18 Thread Rajesh Dhawan

Hi Tim,

> I've read the docs for authentication but I can't see how I can replicate
> existing functionality I have using php.
>
> I have a directory /private on the web server, marked using .htaccess
> and .htpasswd to only allow access if a username is passed.  Anything I put
> inside this directory (images, html etc) all require the password before the
> asset can be returned to the browser.

Firstly, there is a big difference between PHP's filesystem based
architecture and Django's MVC-like one. Assuming that you are
following the Django recommendation of serving your media files
directly through Apache (or another web server), you can continue to
use your .htaccess files at least for your media files. To secure your
Django "views" with authentication, you will need to use Django's
authentication facility. If you want to make Apache use a Django auth
backend, take a look at: http://www.djangoproject.com/documentation/apache_auth/


>
> Is there any way to do this with django auth?  I need to have confidence that
> nothing can be returned (including direct image urls) from the /private
> directory without login.  Can I use http .htaccess style authentication with
> django?

If you're using the /private filesystem directory to hold just your
media files (i.e. /private/* does not map on to any Django views)
*and* if you're using Apache to serve those /private/* media files
directly (i.e. not using Django's static media serving DEVELOPMENT-
ONLY NON-PRODUCTION-USE[1] feature), the .htaccess method of securing
those files will work fine.

-Rajesh Dhawan

[1] http://www.djangoproject.com/documentation/static_files/

