WebFaction
Community site: login faq

Hi guys,
In a site I'm writing, I'm allowing users to upload arbitrary files (part of a syncing service) to my site. The local Javascript client has to be able download via Ajax the files from the server running Python+Django. The user also has the ability to "export" files and directories by visiting a page which would send the Content-Disposition: attachment header and allow them to download the file/directory.

The problem is that any given file or directory isn't necessarily supposed to be public to other users. My concern is really memory constraints -- outputting each file via Python in the following fashion probably isn't very memory efficient, whereas Apache is probably very efficient. However, I can't directly perform any auth with Apache

    # Example code:
    response = HttpResponse()
    file = open("/path/to/users/file.html", "r")
    for line in file:
        response.write(line)
    return response
    

I figure I have two options here, since these are all going to be static files:

  1. The files would be outputted by Apache. Each user would have a random url to which everything would be uploaded, and a request to download the file would redirect to the file path underneath the user's random url. The seems like it isn't super-secure and is kind of a mess.
  2. The url would be the path to a Django request handler which would validate the the user's ability to download the file, and output via the code above. I don't think this is very memory-efficient though

Am I wrong in thinking that the above is not memory-efficient? Which would you guys go with?

(I know this is kinda of a long post. Sorry about that, and thanks in advance)

asked 28 May '11, 19:58

jordonwii's gravatar image

jordonwii
125
accept rate: 0%


Personally, I think the correct approach is to serve the files separately and not directly from the Django application. The problem, as you stated, is that you just need authentication on those downloads. You should be able to do that using mod_xsendfile for apache, as discussed in this related topic:

http://community.webfaction.com/questions/1066/installing-mod_xsendfile-on-django-apache-instance

permanent link

answered 28 May '11, 20:20

ryans's gravatar image

ryans ♦♦
5.0k42755
accept rate: 43%

edited 28 May '11, 20:20

Ah, that looks perfect. Thanks. I'm going to look into that.

(28 May '11, 22:34) jordonwii jordonwii's gravatar image
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×888
×331
×82

question asked: 28 May '11, 19:58

question was seen: 3,844 times

last updated: 28 May '11, 22:34

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2016 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM