Added disclaimer about the security limitations of the file storage

lorinkoz · Apr 24, 2020 · e068f40 · e068f40
1 parent 3883d27
commit e068f40
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/docs/contrib.rst b/docs/contrib.rst
@@ -46,6 +46,21 @@ It will generate::
 
     /tenant1/static/path/to/file.txt
 
+This storage class is a convenient way of storing media files in a folder
+structure organized at the top by tenants, as well as providing a perceived
+tenant centric organization in the URLs that are generated. However, this
+storage class does NOT provide any form of security, such as controlling that
+from one tenant, files from another tenant are not accessible. Such security
+requirements have other implications that fall out of the scope of this basic
+utility.
+
+.. tip::
+
+    In a project that requires airtight security, you might want to use and
+    customize `django-private-storage`_.
+
+.. _django-private-storage: https://github.com/edoburu/django-private-storage
+
 Channels (websockets)
 ---------------------