Authenticating static content when not using mod_python

Hi folks,

Am I right in thinking the only way to do is this under CGI
etc. is to
either:

1. To use raw HTTP authentication
or
2. To pipe all content through Python by reading the file in
and
serving it from a view


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Django users" group.
To post to this group, send email to django-usersgooglegroups.com
To unsubscribe from this group, send email to
django-users-unsubscribegooglegroups.com
For more options, visit this group at htt
p://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---

check out secdownload plugin using lighttpd server

http://trac.lighttpd.net/trac/wiki/Docs%3AModSecDownload


-Bedros

On Oct 16, 6:58 am, AndyB <andy...gmail.com> wrote:
> Hi folks,
>
> Am I right in thinking the only way to do is this under
CGI etc. is to
> either:
>
> 1. To use raw HTTP authentication
> or
> 2. To pipe all content through Python by reading the
file in and
> serving it from a view


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Django users" group.
To post to this group, send email to django-usersgooglegroups.com
To unsubscribe from this group, send email to
django-users-unsubscribegooglegroups.com
For more options, visit this group at htt
p://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Oct 16, 11:58 pm, AndyB <andy...gmail.com> wrote:
> Hi folks,
>
> Am I right in thinking the only way to do is this under
CGI etc. is to
> either:
>
> 1. To use raw HTTP authentication
> or
> 2. To pipe all content through Python by reading the
file in and
> serving it from a view

Can you explain better what you are wanting to do. In
particular:

If not using mod_python, how are you running Django, from a
CGI
script?

Are you wanting the HTTP authentication to be using Django
user
database?

Any other relevant information would also help, otherwise
mostly
guessing in trying to work out what you want.

Graham


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Django users" group.
To post to this group, send email to django-usersgooglegroups.com
To unsubscribe from this group, send email to
django-users-unsubscribegooglegroups.com
For more options, visit this group at htt
p://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Sorry - I was trying to keep the question simple and
generic.

I am using Django under Apache and FCGI (Dreamhost's setup
not mine)

I need to prevent certain users from accessing certain
static files to
prevent the guessing of URL's for certain files and images.

All the solutions I have seen so far require mod_python
under Apache.

My current plan is the following:
1. capture the file request url and direct it a view.
2. check user permissions
3. Get Python to construct the correct MIME header then read
the
requested file from disk and pipe it through to the user.

If this is the best solution then what would be the most CPU
efficient
way to read a file in and send it over HTTP?

regards,

Andy

On Oct 16, 11:46 pm, Graham Dumpleton
<Graham.Dumple...gmail.com>
wrote:
> On Oct 16, 11:58 pm, AndyB <andy...gmail.com> wrote:
>
> > Hi folks,
>
> > Am I right in thinking the only way to do is this
under CGI etc. is to
> > either:
>
> > 1. To use raw HTTP authentication
> > or
> > 2. To pipe all content through Python by reading
the file in and
> > serving it from a view
>
> Can you explain better what you are wanting to do. In
particular:
>
> If not using mod_python, how are you running Django,
from a CGI
> script?
>
> Are you wanting the HTTP authentication to be using
Django user
> database?
>
> Any other relevant information would also help,
otherwise mostly
> guessing in trying to work out what you want.
>
> Graham


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Django users" group.
To post to this group, send email to django-usersgooglegroups.com
To unsubscribe from this group, send email to
django-users-unsubscribegooglegroups.com
For more options, visit this group at htt
p://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Oct 19, 12:23 am, AndyB <andy...gmail.com> wrote:
> Sorry - I was trying to keep the question simple and
generic.
>
> I am using Django under Apache and FCGI (Dreamhost's
setup not mine)
>
> I need to prevent certain users from accessing certain
static files to
> prevent the guessing of URL's for certain files and
images.
>
> All the solutions I have seen so far require mod_python
under Apache.
>
> My current plan is the following:
> 1. capture the file request url and direct it a view.
> 2. check user permissions
> 3. Get Python to construct the correct MIME header then
read the
> requested file from disk and pipe it through to the
user.
>
> If this is the best solution then what would be the
most CPU efficient
> way to read a file in and send it over HTTP?

Given the constraints you have on your hosting environment,
then that
would seem a reasonable approach. Others more familiar with
Django
than me will need to comment as to the best way of returning
the file.
If the file is small, reading in the full contents of the
file and
returning it as the content is probably reasonable, but if
it is a big
file there may be more appropriate ways in Django for
yielding it as
the result so it isn't read into memory all at the same
time.

Graham

> Andy
>
> On Oct 16, 11:46 pm, Graham Dumpleton
<Graham.Dumple...gmail.com>
> wrote:
>
> > On Oct 16, 11:58 pm, AndyB <andy...gmail.com> wrote:
>
> > > Hi folks,
>
> > > Am I right in thinking the only way to do is
this under CGI etc. is to
> > > either:
>
> > > 1. To use raw HTTP authentication
> > > or
> > > 2. To pipe all content through Python by
reading the file in and
> > > serving it from a view
>
> > Can you explain better what you are wanting to do.
In particular:
>
> > If not using mod_python, how are you running
Django, from a CGI
> > script?
>
> > Are you wanting the HTTP authentication to be
using Django user
> > database?
>
> > Any other relevant information would also help,
otherwise mostly
> > guessing in trying to work out what you want.
>
> > Graham


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Django users" group.
To post to this group, send email to django-usersgooglegroups.com
To unsubscribe from this group, send email to
django-users-unsubscribegooglegroups.com
For more options, visit this group at htt
p://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---

(my reply via email doesn't appear to have made it to the
list - sorry
if the first paragraph is a repeat for anyone)

Thanks Chris, I didn't know about this and it would be the
ideal
solution if I could get Dreamhost to install mod_xsendfile!
Still
hopefully this will be useful for someone out there who is
stuck with
FCGI but has some control over what modules are installed.

Now back to having to do it the laborious way - I remember
being told
that django.views.static.serve wasn't meant to be used in a
production
environment but in this context it seems to do everything I
need (MIME
types etc.). Bearing in mind Django is going to have to
handle the
static content for me is there anything wrong with using
django.views.static.serve?


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Django users" group.
To post to this group, send email to django-usersgooglegroups.com
To unsubscribe from this group, send email to
django-users-unsubscribegooglegroups.com
For more options, visit this group at htt
p://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---