homepage Welcome to WebmasterWorld Guest from 54.161.247.22
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
How Would You Go Protecting An eBook Downloads
BlackRaven




msg:4128590
 4:24 am on May 7, 2010 (gmt 0)

Hi, looking for what steps,guides or others resources that i should look at. Basically i got an ebook that a customer downloads after he purchases, how would i protect that folder so that no one can directly download it from the outside? I got a script in place that adds a key in the database, and whenever the user downloads the file that key is disabled. However my concern is protecting the folder from the outside, in .htaccess is it possible to only allow that .php file access to that folder?

 

impact




msg:4128592
 4:36 am on May 7, 2010 (gmt 0)

I am novice in this but

for search engines you can use robo.txt to disallow indexing and for direct access by the user,
1: use dynamic urls to hide original url from the user view. For example use this in .htaccess file

www.yourdomain.com/download/file?id=<Your Key in the database>

should be interpreted at server level
www.yourdomain.com/download/downloadRequest=<Your Key in the database>

The other option that comes to my mind is to user apache folder properties. Like 6-6-6 or 4-5-6. I am not sure whats your server properties so check at your end.

Hope this helps :-)

Matthew1980




msg:4128703
 11:25 am on May 7, 2010 (gmt 0)

Hi there BlackRaven,

Well one way as you could make the folder a little more secure is to stop directory browsing, or have the download dir outside the domain so that joe public cant access it anyway. This seems to be standard practise when storing media etc.

For stopping the directory browsing try this:-

<Files .htaccess>
order allow,deny
deny from all
</Files>

Place this in your .htaccess file, it works for me!

The method that impact describes is good for 'masking' the technolgy that you are using to generate your site, which is good, and it makes your pages index more easily from SEO point of view, but, having the files IN the domain is a bad idea as this is always at risk from people reading the url or page source, finding the dir, and without the prevention of directory browsing there, pinching all your data!

The better way IMHO (though there may be better ways that I haven't found) is to have the files stored in a directory outside your domain, then this at least prevent joe public being able to browse to it.

Hope this helps,

Cheers,
MRb

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved