Django File Sharing Security

When I was working with Django authentication, I found that every user can download any files uploaded by a user. That's not good, right?

So I researched, found the loopholes, and finally fixed them. I also posted about this problem on Stack Overflow. Let's see how I did that.

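# First, define the URL like this (urls.py)...
from django.conf import settings
# The extra kwarg name must match the view's parameter (document_root)
url(r'^media/(?P<path>.*)$', protected_serve, {'document_root': settings.MEDIA_ROOT}),

# Second, in protected_serve
from django.contrib.auth.decorators import login_required
from django.views.static import serve

@login_required  # anonymous requests are redirected to the login page
def protected_serve(request, path, document_root=None):
    return serve(request, path, document_root)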

I added a function in urls.py with the login_required decorator, and if anyone accesses a media file via localhost:8000/media, this function gets called.

Inside, the logic is very simple: just get the file URL, and if that URL belongs to the registered user, then pass.

Simple, isn't it?
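The login_required decorator by itself only proves that the requester is logged in, so the per-user check described here needs its own code. The following is an added example, not code from the original post; it assumes uploads are stored as MEDIA_ROOT/user_<pk>/<filename>, and owns_media_path and media_response_status are hypothetical names.

```python
import posixpath

# Assumed storage layout (not from the original post): MEDIA_ROOT/user_<pk>/<file>
UPLOAD_DIR_TEMPLATE = "user_{user_id}"


def owns_media_path(user_id, path):
    """Return True only if `path` resolves to a file inside this user's own directory."""
    # Reject characters posixpath ignores but a filesystem may interpret.
    if "\\" in path or "\x00" in path:
        return False
    # Collapse "." and ".." before deciding, so the check is made on the
    # resolved path rather than on the raw string taken from the URL.
    normalized = posixpath.normpath(path.lstrip("/"))
    parts = normalized.split("/")
    # Require "<owner dir>/<something>"; "." or a bare directory is not a file,
    # and a leftover ".." means the path climbs out of the media root.
    if len(parts) < 2 or ".." in parts:
        return False
    # Compare the whole first component: "user_1" must not match "user_10".
    return parts[0] == UPLOAD_DIR_TEMPLATE.format(user_id=user_id)


def media_response_status(user_id, is_authenticated, path):
    """Status the view should produce: 302 (login), 404 (not the owner), 200 (serve)."""
    if not is_authenticated:
        return 302
    if not owns_media_path(user_id, path):
        # 404 rather than 403 so the response does not confirm the file exists.
        return 404
    return 200


if __name__ == "__main__":
    # Constructed sample requests: (user pk, logged in?, requested path)
    samples = [
        (1, True, "user_1/report.pdf"),
        (2, True, "user_1/report.pdf"),
        (2, True, "user_2/../user_1/report.pdf"),
        (1, True, "user_10/report.pdf"),
        (1, False, "user_1/report.pdf"),
    ]
    for uid, authed, requested in samples:
        print(uid, authed, requested, "->", media_response_status(uid, authed, requested))
```

In protected_serve, call owns_media_path(request.user.pk, path) and raise Http404 when it returns False, before handing the request to serve.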
