Hello Curtis and Fabio, You can have a look at django- private-media, which implement a private storage engine : https://github.com/RacingTadpole/django-private-media
Basic usage : > from private_media.storages import PrivateMediaStorage class Car(models.Model): > photo = models.ImageField(storage=PrivateMediaStorage()) Regards, Thomas. On Friday, January 1, 2016 at 1:30:05 PM UTC+4, Curtis Maloney wrote: > > On 01/01/16 15:49, Fabio Caritas Barrionuevo da Luz wrote: > > A question: are there any plans to also improve MEDIA files (user > > uploaded files) in any foreseeable future? > > > > Perhaps this is outside the scope of Django, but I believe Django could > > provide by default, any option to get a little more control over who can > > and can not access the MEDIA files. > > I certainly agree that at least some basic form of access control ought > be provided in core/contrib. > > > Most Django deployment tutorials with Nginx and Apache that saw out > > there do not say anything on the issue of data security. > > > > I believe it is a common use case, that not every file sent by a User > > should be available and accessible to anyone on the web. > > I was talking with Tom Eastman about a related topic at PyConAU this > year, and I believe the solution is multiple storage engines. > > Basically, for each realm of access, have a separate file storage > instance with its own access policy. > > We could then register each storage engine we want published with the > static/media server machinery, with its associated policy... > > Hmm... I think I've just created myself a new project... > > -- > Curtis > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/ec589ee2-0a0f-4566-9161-7ca1474104fc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
