Enable Record Index Protection

If the record index security is turned off, photos and attachments in records will be available by direct link, no matter what the user’s rights are. Configure FindFace Multi to run all media requests through the DJANGO application for ACL checks to increase record index security.

Important

Enable the record media security only if you need it, as this setting severely negatively impacts the system performance.

Important

For the ACL checks to work properly, you must set the view permission for photos of faces, bodies, and vehicles stored in records. To do so, navigate Settings → Roles → specific role → Permissions and set View for the faceobject, bodyobject, and carobject entities, subject to the object types enabled in the system. See Create Custom Role in UI for details.

See also

Record Index.

To enable record index security, do the following:

Open the /opt/findface-multi/configs/findface-multi-legacy/findface-multi-legacy.py configuration file.
```
sudo vi /opt/findface-multi/configs/findface-multi-legacy/findface-multi-legacy.py
```
Uncomment OVERPROTECT_MEDIA and set it True.
```
...

'OVERPROTECT_MEDIA': True,
```
Open the nginx configuration file /opt/findface-multi/configs/findface-multi-ui/nginx-site.conf. Uncomment internal in the location /uploads section.
```
location /uploads/ {
   internal; # Uncomment if you intend to enable OVERPROTECT_MEDIA
   ...
}
```

Restart the findface-multi-findface-multi-legacy-1 and findface-multi-findface-multi-ui-1 containers.

sudo docker container restart findface-multi-findface-multi-legacy-1
sudo docker container restart findface-multi-findface-multi-ui-1

After the new security policy is applied, logged-in users must re-authenticate. To make the users do so, execute the logout-all command:

sudo docker container exec -it findface-multi-findface-multi-legacy-1 /opt/findface-security/bin/python3 /tigre_prototype/manage.py logout_all_users