Online static content protection

Question

Online static content protection

How can I allow users authenticated through Python code to access specific files on the server?

For example, let's say I have /static/book.txt

one that I want to protect. When the user accesses /some/path/that/validates/him

, the Python script considers it worthy of access /static/book.txt

and redirects it to that path.

How can I stop users from bypassing the script and accessing directly /static/book.txt

?

0

python security apache download lighttpd

user12163 Dec 16 '08 at 19:50

source to share

2 answers

You might want your Python script to open the file and dump the content as its output if the user is properly authenticated. Place the files you want to protect in a folder outside the web server root.

+3

bobwienholt Dec 16 '08 at 19:55

source to share

Dustin · Accepted Answer · 2008-12-16T19:54:29+0000

Lighttpd has mod_secdownload for this. Basically, it won't serve static content directly unless you create a short-term static URL for it.

Note that you can do similar things on S3 for static content. This is a pretty useful feature.

Online static content protection

More articles: