Securing Media Content

Hi All,

In one of my projects I have a bunch of images hosted in an AWS bucket. The images are referenced in a model and use a FileField type, e.g.

    file = models.FileField(upload_to="images", unique=True)

In my settings.py file media is configured as such:

    PUBLIC_MEDIA_LOCATION = "hidden"
    AWS_STORAGE_BUCKET_NAME = "secret-secret"
    AWS_S3_CUSTOM_DOMAIN = f"{AWS_STORAGE_BUCKET_NAME}.s3.amazonaws.com"
    MEDIA_URL = f"https://{AWS_S3_CUSTOM_DOMAIN}/{PUBLIC_MEDIA_LOCATION}/"

What I would like to do is to make these images non-public. This seems easy enough to do in AWS, but I’m wondering how I might go about this in Django.

One issue I see is that the frontend is a SPA app written in VueJS. When selecting a part of the app to use, all the necessary data is retrieved from the API, including the image URLs. The point of this is that I don’t think time-based URLs are appropriate, as the user of the app might take 5 minutes to be finished with it, or 90 minutes.

In short, I’m looking for possible solutions to my problem. I appreciate that AWS or other solutions are out of scope for this forum, but Django is certainly not. Is there anyone here who has tackled such an issue in their Django app(s)?

django-storages uses pre-signed URLs by default, which provide unique limited time access to files in your bucket. You can use them with a private bucket even. I think if you don’t use the ‘custom domain’ or ‘media url’ settings then it should work.


Cheers Adam, I’ll do some reading and give it a shot.