
Restricting access to view a FileField or ImageField with Django

Hopefully you use a specialised document management store like Mayan or Blitdb, or a file sharing site like Box or Dropbox, if that is the focus of your project. However, if your Django project has just a few FileField or ImageField fields whose contents can be classed as confidential, then this is the post for you.

With Django's standard media and file storage and serving, your media is not protected. Unauthorised people may not have the path to an image, but if they did have that path they would be able to see the file.

How do we restrict direct media access?

We need at least django-sendfile, and it helps if you have per-object permissions provided by django-guardian.
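The pattern these two packages combine, as an added example that is not code from this post or from either project: the application checks a per-object permission (the role django-guardian plays), then hands the transfer to the web server through a header, which is what django-sendfile's nginx backend does with `X-Accel-Redirect`. It is a stdlib-only WSGI sketch so it runs without Django; `OBJECT_PERMS`, the `/files/` and `/protected/` prefixes, the use of `REMOTE_USER` and the `fetch` helper are all assumptions made for illustration.

```python
# Added example: authorize in the app, let the web server deliver the bytes.
# Constructed sample data standing in for per-object view permissions.
OBJECT_PERMS = {
    "contracts/alice-2024.pdf": {"alice", "hr_admin"},
    "photos/bob-id.jpg": {"bob"},
}
PUBLIC_PREFIX = "/files/"        # assumed URL prefix routed to this app
INTERNAL_PREFIX = "/protected/"  # assumed nginx location marked `internal;`


def authorize(user, name):
    """True only if an authenticated user holds view permission on this object."""
    return user is not None and user in OBJECT_PERMS.get(name, set())


def protected_media_app(environ, start_response):
    """WSGI app: permission check first, then hand off via X-Accel-Redirect."""
    path = environ.get("PATH_INFO", "")
    user = environ.get("REMOTE_USER")  # assumed to be set by upstream auth
    name = path[len(PUBLIC_PREFIX):] if path.startswith(PUBLIC_PREFIX) else None
    # Only exact, known object names pass. Unknown names, traversal attempts
    # and unauthorized users all get the same 403, so a guessed path reveals
    # nothing about whether the file exists.
    if name is None or not authorize(user, name):
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"forbidden"]
    # The client never sees this header: nginx consumes it and serves the file
    # from the internal-only location, which rejects direct requests.
    start_response("200 OK", [("X-Accel-Redirect", INTERNAL_PREFIX + name)])
    return [b""]


def fetch(user, path):
    """Hypothetical helper: call the app once, return (status, headers dict)."""
    environ = {"PATH_INFO": path}
    if user is not None:
        environ["REMOTE_USER"] = user
    seen = {}

    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)

    protected_media_app(environ, start_response)
    return seen["status"], seen["headers"]


if __name__ == "__main__":
    for who, url in [("alice", "/files/contracts/alice-2024.pdf"),
                     ("bob", "/files/contracts/alice-2024.pdf"),
                     (None, "/files/photos/bob-id.jpg")]:
        print(who, url, fetch(who, url))
```

The protection only holds if the media directory is no longer served from a public URL; the internal location must be the sole route to the files.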

So the first thing is to decide what media would be protected.