I want to create an application where user can upload their secret documents. Secret means no one can see the document even the super admin of the server can't even see the document. In other words I want system level authentication. Is there a way to do it with Django? How should I overcome this problem? I have a VPS to store files but I want to create separate document folder for each user which can only be accessed by the user. Not even by me or by the server admin. Any idea would be appreciated. What should be my approach?
Related
Hello all fellow StackOverFlow'ers,
I'm making an app in Flask that runs depending on settings that can be changed by administrator via a POST request in their admin-panel,
Actually, the only two things I came up with for doing this is using os.environ.get (Environment variables) [which i'm using now] or insert it to a PostreSQL Database config table and load it up
Anyway I will be storing settings such as a couple of API_URLs and their API_KEY, and some Conditions of checking like a success value where if condition in text .. else is applied to ... where admin can change them via the panel
I'm looking for the best performant approach for doing such thing.
Best regards.
If you're looking for the changes to only apply on a per-user basis (changes made by the admin only affect the admin), check out Flask's sessions. It works like a dictionary, but stores information in a cookie in the user's browser that can be programmatically accessed by Flask. Be warned that this data is stored in plain-text in the user's browser, so don't store anything sensitive here.
On the other hand, if you're looking for changes made by the admin to affect everybody visiting the website, you may just be able to store the settings in a variable, update them when the admin makes changes, and read them when responding to a request. If you want these settings to persist through a server restart, however, you'll need to write them to disk and then load them on server restart and save them to disk when they're changed. If this is a production-grade app and needs to be able to scale, I personally recommend using an SQLite file to store settings (or a SQL database if it really needs to scale), but this is a personal preference of mine. If this is just a personal app, storing settings in text files would be just fine.
Hope this helps!
In my app, the user can select a Youtube video that will be downloaded to MEDIA_ROOT folder and then also made available for the user to download.
Whenever the user chooses another video to download, the previous one is deleted from MEDIA_ROOT. So at any given moment there is only one video sitting in the MEDIA_ROOT folder for a particular user.
Is there any way - apart from implementing user authentication and associating the downloaded files with a user through foreign key, which I feel is an overkill for only this task - of telling the users apart whenever such download request is being made, so that one user's request does not cause the deletion of the file downloaded by some other user (as all the files sit in the same MEDIA_ROOT folder)?
Assuming you have some sort of web server, you can create custom links that redirect through your web server and pass IP information, etc, so you can distinguish a user before one downloads a video. That is certainly one way of doing it without authentication and since the app/platform that tracks user data is in-house you don't have to worry about foreign keys, etc.
You can use cookies to uniquely identify users. Web browsers will keep sending that cookie value to your web server for as long as the web browser's cookie store is not cleared. Make sure to generate an hard to guess value for the web browser to store and you to identify with so that one cannot bruteforce that value and get access to data meant for other users. The common way is to generate say a 32 characters string from a CSPRNG.
You can have a go at this question to find out how to set cookies in Python Django: Django Cookies, how can I set them?
I would personally use built in Django Cookie Sessions: https://docs.djangoproject.com/en/2.2/topics/http/sessions/#using-cookie-based-sessions
I'm currently working with some people to develop an application that will display a "sound library" when the user selects an option on their voip phone. The idea is that the phone system will pass a url with a device id in it, and that will open the django app to the users' library. I was told to remove login/user authentication in order to make the process easier for the user. My question is, is there a way to create a user field and save the model for future retrieval via the url request alone? Do I need to pass the device id to some hidden form first and redirect to the main page, and query the users' objects via the device id? I know there are security concerns but was wondering if it's even possible, any help is appreciated!
You should try using Djago REST Framework, it will make it easy to retrieve data with urls using unique identifier.
I am creating an application in django where I want to upload multiple file from django admin. I also want these files to be associated with a particular user in my database. for e.g a pdf file will have a file names as 'john.pdf', 'matt.pdf', 'alice.pdf' and I want to upload all these files at once from django admin and each file should be associated with particular user, so if user john logs in he can see pdf 'john.pdf' in his profile page.
I am new to django and web programming and I have been banging my head for a couple of days but I just cannot find the right logic to implement such a code.
I have looked in these resources but I still cannot really find an answer
How to upload multiple file in django admin models
How to upload through django admin.
I am using django with mysql database. I highly appreciate and thank anyone in advance who could help me out with this problem. (hoping not to get downvoted too much)
Ok so I found out a solution but I still don't know if thats the best solution there. What I did was to add path of my pdf files in MySQL database and add attributes to those paths. I wrote a script in python to add those files to MySQL database. My script listed all the files in the directory, where the files were stored and added them to the database. From these attributes I could retrieve those paths. As these are just paths to static files I had to save them in the static folder for django to access and display them and the rest was simple.
I'm building a web application where I have 2 sets of users (students and teachers). Teachers should be able to create their account, create a page of their content. Students should be able to create an account to sign up for this content. I am currently using django-registration to handle registration but I am wondering what's the best way to handle these 2 sets of users and still be able to use the Django authentication framework? I have heard about having multiple profiles but would like some opinions.
Thanks!
You could use permissions. When they sign up if they're a Teacher give them content creation permissions. If they're a student they don't get the permissions.
In the user profile I would just have a field that says which type they are. Unless a lot of the data is different I wouldn't have two user profiles.