google-code-export / marinemap

Automatically exported from code.google.com/p/marinemap

Secure media #422

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
This is IMO a huge problem with Django and it sucks that we need to develop a 
workaround but...

Django writes FileFields to the MEDIA_ROOT dir. As a result, cached files and user-uploaded files get stored relative to MEDIA.

But it's also where static media is stored so it is wide-open web accessible through apache.

We need a system whereby user-uploaded and cached content can be hidden behind 
django-level authentication with sharing permissions, etc

One proposed solution:
a) have a private media dir (MEDIA_ROOT/private/) which we lock down via apache 
settings and in the urlconf

b) all sensitive FileFields write to 'private/appname/____' 

c) set up an urlpattern to capture private media urls and a session key like:

   /appname/getsomefile/array/1

d) set up a view to authenticate, determine permissions and serve the file back
 (see http://djangosnippets.org/snippets/365/)

Basically a ton of scaffolding work to create a django proxy to bypass apache.

Another option would be to:

a) structure filefields to store data according to a convention whereby we 
could determine the model, fieldname and pk from the file path:

   /spacing/array/1/cached_spacing_kmz/_____

b) Use django as an apache authentication provider whereby permissions for the object could be determined by parsing the path (e.g. from the example above, look for Array.objects.get(pk=1) and check with the can_user_view() sharing utility)

http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms

Both of these options suck so I'm hoping someone has a better idea!

Without exception

Original issue reported on code.google.com by perrygeo...@gmail.com on 20 Aug 2010 at 9:52
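As an added example (not code from the issue or from the MarineMap project): a standalone Python authorization gate covering step (d) of the first proposal and the path convention of the second one (`/app/model/pk/field/filename`). It has no Django dependency; `PRIVATE_ROOT` is an assumed location, and `SHARED_WITH`/`can_user_view` are a constructed stand-in for `Array.objects.get(pk=1)` plus the `can_user_view()` sharing utility. The point it makes is that the permission check runs before any filesystem access, and the resolved path is confined to the private root.

```python
import posixpath
from dataclasses import dataclass
from typing import Optional

# Assumed location of the private media dir that Apache is configured not to serve.
PRIVATE_ROOT = "/var/www/media/private"


@dataclass(frozen=True)
class MediaRef:
    app: str
    model: str
    pk: int
    field: str
    filename: str


def parse_private_path(rel_path: str) -> MediaRef:
    """Map a request path onto (app, model, pk, field, filename).
    Exactly five clean components are accepted, so '.', '..', empty segments and
    backslashes never reach the filesystem layer."""
    parts = rel_path.strip("/").split("/")
    if len(parts) != 5 or any(p in ("", ".", "..") or "\\" in p for p in parts):
        raise ValueError("malformed private media path")
    app, model, pk, field, filename = parts
    if not pk.isdigit():
        raise ValueError("pk must be numeric")
    return MediaRef(app, model, int(pk), field, filename)


# Constructed sharing table: which users may view which object (stand-in for the ORM lookup).
SHARED_WITH = {("spacing", "array", 1): {"alice", "bob"}, ("spacing", "array", 2): {"alice"}}


def can_user_view(user: str, ref: MediaRef) -> bool:
    """Stand-in for the sharing utility named in the issue."""
    return user in SHARED_WITH.get((ref.app, ref.model, ref.pk), set())


def resolve_for_user(user: str, rel_path: str) -> Optional[str]:
    """Return the absolute path the view may hand to the webserver (or stream back),
    or None when the request must be refused. Permission is decided from the parsed
    path alone, and the final path is re-checked to stay under PRIVATE_ROOT."""
    try:
        ref = parse_private_path(rel_path)
    except ValueError:
        return None
    if not can_user_view(user, ref):
        return None
    full = posixpath.normpath(posixpath.join(PRIVATE_ROOT, ref.app, ref.model, str(ref.pk), ref.field, ref.filename))
    if posixpath.commonpath([full, PRIVATE_ROOT]) != PRIVATE_ROOT:
        return None
    return full
```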

GoogleCodeExporter commented 9 years ago
Seems like these strategies could be implemented via a custom storage backend:
http://docs.djangoproject.com/en/dev/topics/files/#file-storage
This allows you to store files at an arbitrary location, and point the url to a 
custom view that can do the authentication. The url would not have to be 
relative to MEDIA_URL this way. The documentation actually has an example of 
this.

How to tie this to group sharing functionality I haven't really thought about.

Original comment by underbluewaters on 23 Aug 2010 at 6:01

GoogleCodeExporter commented 9 years ago

Original comment by perrygeo...@gmail.com on 20 Sep 2011 at 8:08