Online static content protection
How can I allow users authenticated through Python code to access specific files on the server?
For example, let's say I have /static/book.txt
one that I want to protect. When the user accesses /some/path/that/validates/him
, the Python script considers it worthy of access /static/book.txt
and redirects it to that path.
How can I stop users from bypassing the script and accessing directly /static/book.txt
?
Lighttpd has mod_secdownload for this. Basically, it won't serve static content directly unless you create a short-term static URL for it.
Note that you can do similar things on S3 for static content. This is a pretty useful feature.
source to share