Addition information about apache authentication via cookies to mod_python/auth docs
|Reported by:||cwurld@…||Owned by:||jacob|
|Severity:||Keywords:||authentication, mod_python, docs|
|Cc:||Triage Stage:||Design decision needed|
|Has patch:||no||Needs documentation:||yes|
|Needs tests:||no||Patch needs improvement:||no|
In "Authenticating against Django’s user database from Apache" , you suggest that this might be useful for "Serve static/media files directly from Apache only to authenticated users." That sounds really great. Especially given all the dire warnings against serving static file through Django.
However, it seems that the way this code works is a user goes to get a file from a protected dir. Then Apache forces the user to give a username and password. After that, the request gets sent to the django mod_python handler, which then authenticates the entered username and password against the django auth system.
But I am guessing that most developers who want to serve secured static files, don't want the user to have to give apache a username and password. Rather, they would like the authentication to work like any other page in django.
This snippet explains how to solve this problem: http://www.djangosnippets.org/snippets/62/
The reason I think you should add this to the standard django docs is that I think noobs (like me) would run into the problem fairly frequently. And without a deep understanding of apache and mod_python, it is very hard to know what questions to ask to find the solution.
Change History (2)
comment:1 Changed 8 years ago by Simon G. <dev@…>
- Keywords authentication mod_python docs added
- Needs documentation set
- Needs tests unset
- Patch needs improvement unset
- Summary changed from Addition to mod_python/auth docs to Addition information about apache authentication via cookies to mod_python/auth docs
- Triage Stage changed from Unreviewed to Design decision needed