Serving secure files : Forums : PythonAnywhere

Serving secure files

Hi there,

I had a question, and I could not find anything on google.

For my website, I would like to make it possible for users to download certain files, but only if they are the owner of those files (which I can check through views and comparing the owner of the instance of the model with the request). However, I am not quite sure how to handle this in my web setup. Most StackOverflow posts say that you should not serve files through Django in production, but I don't think it is possible for us to change a nginx/apache/wsgi file to setup this secure download scheme on pythonanywhere?

Anyone have any idea? :)

deleted-user-2068738 | 4 posts | March 28, 2018, 12:45 p.m. | permalink

I think the general advice on not using Django to serve static files is more a "don't do it unless you have a good reason to" -- where making sure that only particular people have access to particular files is one of those good reasons. The PythonAnywhere website is itself a Django site (mostly) and while we serve static files like our own CSS and images using the webserver directly (in a way equivalent to using the "Static files" table on the "Web" page), when you go to the "Files" page, we use Django to serve the files. It works OK for us :-)

giles | 12095 posts | PythonAnywhere staff | March 29, 2018, 12:15 p.m. | permalink

Alright, thanks a lot!

deleted-user-2068738 | 4 posts | March 30, 2018, 8:05 p.m. | permalink

No problem!

giles | 12095 posts | PythonAnywhere staff | April 1, 2018, 3:28 p.m. | permalink