[mod_python] differentiate from where comes the request to a file

Nicolas Lehuen nicolas at lehuen.com
Fri Jun 9 10:05:08 EDT 2006


Hi,

You could use the Referer header, making sure that it refers to an
authenticated page, but it is not really secure, as it is quite easy
to forge an HTTP request with a given Referer header.

Unfortunately the only way to prevent unauthorized access is to
implement an authorization system... Which means having a way to say
"this user is allowed to access this file and the content of this
folder but nothing else". There are standard authorisation modules in
Apache, but you can also roll your own using a mod_python authz handler,
though it is not for the faint of heart.

Regards,
Nicolas

2006/6/9, Rui Miguel Justino <rmcjustino at gmail.com>:
> Is it possible to differentiate between a request to a file of type
> (pdf, png, etc.) made by a psp page and a direct request made by a user who is
> trying to directly access these files?
>
> Sorry if it is confusing. The purpose here is to only give access to files
> for users who have authenticated to the application, but even those users
> will only have access to files that show up in the application (webpage). And
> if those users are trying to guess file names they will not have access to
> the files.
>
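
Added example, not part of the original message and not mod_python's own code: a deny-by-default per-user check of the kind described above ("this user is allowed to access this file and the content of this folder but nothing else"), which never consults the Referer. `GRANTS`, `normalize` and `is_authorized` are hypothetical names, the grant table is constructed sample data, and the path is assumed to be the already-decoded URI path the server will resolve.

```python
import posixpath

# Constructed sample grants: user -> exact files and folder prefixes.
GRANTS = {
    "alice": {"files": {"/docs/report-2006.pdf"}, "folders": {"/img/alice/"}},
    "bob": {"files": set(), "folders": {"/docs/"}},
}


def normalize(path):
    """Collapse '.' and '..' segments so a traversal cannot dodge the prefix check."""
    path = posixpath.normpath(path.split("?", 1)[0])
    return path if path.startswith("/") else "/" + path


def is_authorized(user, path, referer=None):
    """Return True only if an explicit grant covers the requested path.

    `referer` is accepted purely to show that it plays no part in the
    decision: the client controls that header, so it proves nothing.
    """
    grant = GRANTS.get(user)
    if grant is None:  # unauthenticated or unknown user: deny
        return False
    path = normalize(path)
    if path in grant["files"]:  # exact file grant
        return True
    # Folder grants end with '/', so '/docs/' never matches '/docs-private/x'.
    return any(path.startswith(folder) for folder in grant["folders"])


if __name__ == "__main__":
    forged = "https://app.example/list.psp"  # constructed Referer value
    for user, path in [
        ("alice", "/docs/report-2006.pdf"),        # listed for alice
        ("alice", "/docs/report-2005.pdf"),        # guessed file name
        ("alice", "/img/alice/../bob/photo.png"),  # traversal out of her folder
        (None, "/docs/report-2006.pdf"),           # not logged in
    ]:
        print(user, path, is_authorized(user, path, referer=forged))
```

In a mod_python authz handler, the same decision would be made from `req.user` and `req.uri`, returning `apache.OK` or `apache.HTTP_FORBIDDEN`.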

