Django: let user download a large file

Question

I am building a private file upload site. Alice uploads a file, Bob downloads it.

People other than Alice and Bob should not have access. I was first thinking about

Answer 1

Using Django to download large files isn't really recommended. Usually you'd have a front-end multiplexer such as NginX, and use Django only to validate the file.

Then, if the download is validated, you'd issue a signal to the multiplexer. For NginX, you can set up a special header ("X-Accel-Redirect") to point to the true location of the local file. Django will only serve a few bytes, and all the heavy lifting will be taken up by NginX; at the same time the original URL will be that of Django, so that it is not possible to bypass security.

See: http://wiki.nginx.org/X-accel

You can find notes on how to serve static files (extensible with authentication) here

https://docs.djangoproject.com/en/dev/howto/static-files/

but as the page says, it is "a quick and dirty helper view" not intended for production or high-traffic sites. That's not what Django was designed to do, even if it can do it.