Best practice for serving restricted or premium media

[Brad Buran]

I'm currently researching Django as a potential framework for a web
application I am building. We plan to make a variety of media (images
and videos) free on our website; however, we want to have some premium
media available only when certain criteria are met (e.g. the logged-in
user is of a certain group or has the appropriate permissions).

What is considered the best way to implement this? I suppose we could
get Django to serve the media directly, but this would place undue
load on the server. Can anyone recommend any tips or tricks?

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django...@googlegroups.com.
To unsubscribe from this group, send email to django-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

[Graham Dumpleton]

On Apr 21, 12:09 pm, Brad Buran <bbu...@gmail.com> wrote:
> I'm currently researching Django as a potential framework for a web
> application I am building.  We plan to make a variety of media (images
> and videos) free on our website; however, we want to have some premium
> media available only when certain criteria are met (e.g. the logged-in
> user is of a certain group or has the appropriate permissions).
>
> What is considered the best way to implement this?  I suppose we could
> get Django to serve the media directly, but this would place undue
> load on the server.  Can anyone recommend any tips or tricks?

Groups and permissions are obviously things that can be handled by
Django. For the actual serving up of the media files, there are
various ways of doing it depending on how you are hosting Django.

So, how are you intending to host it?

Options for serving static media where Django handles request and
handler deals with groups or permissions are:

1. Use X-Sendfile response header to have server send raw file.
Supported by Apache, lighttpd and nginx, although possibly require
option server module, eg mod_xsendfile.

2. Have nginx as front end with fastcgi backend, or with Apache/
mod_wsgi as backend and use X-Accel-Redirect response header to map to
private static files hosted by nginx.

3. Under Apache/mod_wsgi, use wsgi.file_wrapper extension of WSGI to
return file. This may be hard as not really well supported by Django
natively at this point.

4. Under Apache/mod_wsgi daemon mode, use Location response header
with 200 reponse to map to static file served by Apache. This is like
X-Accel-Redirect under nginx, but you need a mod_rewrite rule to
restrict access to static media sub request as created by Location
directive redirect.

5. Use perlbal as front end to backend HTTP server host Django in some
way and use X-Reproxy-URL response header. Like Other variants above
but perlbal sends static file identified by that header.

Other load balancers may support other similar headers for having them
send static files.

There are other ways as well provided you were happy with standard
HTTP Basic/Digest authentication being done by Apache and not form/
session based logins.

There is a Django ticket, which I believe still hasn't been
integrated, to try and make various of these available under a simple
usable interface. As such, right now, may have to integrate it
explicitly.

So, lots to choose from.

Graham

[Brad Buran]

Thanks for the great suggestions.  I believe that we will start out with shared hosting the migrate to a VPS (e.g. SliceHost) if scaling becomes an issue.  We're not really expecting to become a high-traffic website (our target audience is small).

I'm not familiar with any of these approaches, but I can now use Google to find and review some tutorials regarding each of these.  Will they all work on shared hosting?

Brad

[Graham Dumpleton]

On Apr 22, 12:10 am, Brad Buran <bbu...@alum.mit.edu> wrote:
> Thanks for the great suggestions.  I believe that we will start out with
> shared hosting the migrate to a VPS (e.g. SliceHost) if scaling becomes an
> issue.  We're not really expecting to become a high-traffic website (our
> target audience is small).
>
> I'm not familiar with any of these approaches, but I can now use Google to
> find and review some tutorials regarding each of these.  Will they all work
> on shared hosting?

Depends on the shared hosting because of the potential need to control
a front end server or your Apache instance. Some also require optional
web server modules to be installed.

Graham

> > django-users...@googlegroups.com<django-users%2Bunsubscribe@google groups.com>
> > .

> > For more options, visit this group at
> >http://groups.google.com/group/django-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups "Django users" group.
> To post to this group, send email to django...@googlegroups.com.
> To unsubscribe from this group, send email to django-users...@googlegroups.com.

> For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.