Nicolas Lehuen
nicolas at lehuen.com
Fri Jun 9 10:05:08 EDT 2006
Hi,

You could use the Referer header, making sure that it refers to an authenticated page, but it is not really secure, as it is quite easy to forge an HTTP request with a given Referer header.

Unfortunately the only way to prevent unauthorized access is to implement an authorization system... Which means having a way to say "this user is allowed to access this file and the content of this folder but nothing else".

There are standard authorisation modules in Apache, but you can also roll your own using a mod_python authz handler, though it is not for the faint of heart.

Regards,
Nicolas

2006/6/9, Rui Miguel Justino <rmcjustino at gmail.com>:
> Is it possible to differentiate between a request to a file of type
> (pdf, png, etc.) made by a psp page and a direct request made by a user who is
> trying to directly access these files?
>
> Sorry if it is confusing. The purpose here is to only give access to files
> for users who have authenticated to the application, but even those users
> will only have access to files that show up in the application (webpage). And
> if those users are trying to guess file names they will not have access to
> the files.
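The contrast drawn in the reply above, as an added example that is not part of the original thread or of mod_python: a Referer test next to a per-user decision of the form "this file and the content of this folder but nothing else". The grant table, user names, paths and the app.example host are constructed; in a mod_python authz handler the boolean would be mapped to apache.OK or apache.HTTP_FORBIDDEN.

```python
import posixpath
from urllib.parse import unquote

# Constructed sample grants: each user maps to exact files and to folders
# whose content is allowed. All names and paths here are hypothetical.
GRANTS = {
    "alice": {"files": {"/docs/report.pdf"}, "folders": {"/img/alice"}},
    "bob": {"files": set(), "folders": {"/img/bob"}},
}


def referer_check(headers, app_prefix="http://app.example/"):
    """The weak check: it trusts a header whose value the client chooses."""
    return headers.get("Referer", "").startswith(app_prefix)


def normalize(uri):
    """Drop the query string, decode once, collapse '.' and '..' segments.

    Returns None for anything that is not a clean absolute path.
    """
    path = unquote(uri.split("?", 1)[0])
    if not path.startswith("/") or "\x00" in path:
        return None
    return posixpath.normpath(path)


def is_authorized(user, uri, grants=GRANTS):
    """Allow only files granted to the user or files inside granted folders."""
    entry = grants.get(user)
    path = normalize(uri)
    if entry is None or path is None:
        return False  # unauthenticated or unknown user: deny by default
    if path in entry["files"]:
        return True
    # Compare against "folder/" so /img/alice does not also cover /img/alice2.
    return any(path.startswith(folder.rstrip("/") + "/")
               for folder in entry["folders"])
```

The decision depends only on the authenticated user and the normalized path, so a guessed file name outside the user's grants is refused whatever headers accompany the request.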