Enable Dossier Security

If the dossier security is disabled, the dossier photos and attachments will be available by direct link regardless of the user rights. To increase dossier security, configure FindFace to run all media requests through the DJANGO application for ACL checks.

Important

Enable the dossier media security only if you need it, as this setting has a severe negative impact on the system performance.

To enable dossier security, do the following:

  1. Open the /etc/findface-security/config.py configuration file.

    sudo vi /etc/findface-security/config.py
    
  2. Uncomment OVERPROTECT_MEDIA and set it True.

    ...
    
    'OVERPROTECT_MEDIA': False,
    
  3. Open the nginx configuration file /etc/nginx/sites-available/ffsecurity-nginx.conf. Uncomment internal in the location /uploads section.

    location /uploads/ {
       internal; # Uncomment if you intend to enable OVERPROTECT_MEDIA
       ...
    }
    
  4. Restart findface-security and nginx.

    sudo systemctl restart findface-security.service
    sudo systemctl restart nginx.service
    
  5. After the new security policy is applied, logged-in users must re-authenticate. To make the users do so, execute the logout-all command:

    sudo findface-security logout_all_users