Enable Card Index Protection

If the card index security is disabled, the card photos and attachments will be available by direct link regardless of the user rights. Configure FindFace Multi to run all media requests through the DJANGO application for ACL checks to increase card index security.

Important

Enable the card media security only if you need it, as this setting severely negatively impacts the system performance.

Important

For the ACL checks to work properly, you must set the view permission for the card photos of faces, bodies, and cars. To do so, navigate Preferences → Roles → specific role → Permissions and set View for the faceobject, bodyobject, and carobject entities, subject to the object types in the cards. See Create Custom Role for details.

To enable card index security, do the following:

Open the /etc/findface-security/config.py configuration file.
```
sudo vi /etc/findface-security/config.py
```
Uncomment OVERPROTECT_MEDIA and set it True.
```
...

'OVERPROTECT_MEDIA': False,
```
Open the nginx configuration file /etc/nginx/sites-available/ffsecurity-nginx.conf. Uncomment internal in the location /uploads section.
```
location /uploads/ {
   internal; # Uncomment if you intend to enable OVERPROTECT_MEDIA
   ...
}
```

Restart findface-security and nginx.

sudo systemctl restart findface-security.service
sudo systemctl restart nginx.service

After the new security policy is applied, logged-in users must re-authenticate. To make the users do so, execute the logout-all command:
```
sudo findface-security logout_all_users
```