|How Would You Go Protecting An eBook Downloads|
| 4:24 am on May 7, 2010 (gmt 0)|
Hi, looking for what steps, guides or other resources I should look at. Basically I got an ebook that a customer downloads after he purchases; how would I protect that folder so that no one can directly download it from the outside? I got a script in place that adds a key in the database, and whenever the user downloads the file that key is disabled. However, my concern is protecting the folder from the outside. In .htaccess, is it possible to only allow that .php file access to that folder?
| 4:36 am on May 7, 2010 (gmt 0)|
I am a novice in this, but
for search engines you can use robots.txt to disallow indexing, and for direct access by the user:
1: Use dynamic URLs to hide the original URL from the user's view. For example, use this in the .htaccess file:
www.yourdomain.com/download/file?id=<Your Key in the database>
should be interpreted at server level
www.yourdomain.com/download/downloadRequest=<Your Key in the database>
The other option that comes to my mind is to use Apache folder properties. Like 6-6-6 or 4-5-6. I am not sure what your server properties are, so check at your end.
Hope this helps :-)
| 11:25 am on May 7, 2010 (gmt 0)|
Hi there BlackRaven,
Well, one way you could make the folder a little more secure is to stop directory browsing, or have the download dir outside the domain so that joe public can't access it anyway. This seems to be standard practice when storing media etc.
For stopping the directory browsing try this:-
deny from all
Place this in your .htaccess file, it works for me!
The method that impact describes is good for 'masking' the technology that you are using to generate your site, which is good, and it makes your pages index more easily from an SEO point of view, but having the files IN the domain is a bad idea, as this is always at risk from people reading the URL or page source, finding the dir, and, without the prevention of directory browsing there, pinching all your data!
The better way IMHO (though there may be better ways that I haven't found) is to have the files stored in a directory outside your domain; this at least prevents joe public being able to browse to it.
Hope this helps,
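
One way to combine the pieces discussed in this thread (a one-time key in the database, and the file kept outside the web root or in a folder closed with `deny from all`) is a PHP gateway script that is the only thing the browser can request. This is an added example, not code from any poster; the table `download_keys`, its columns `token` and `used`, the 32-hex-character key format and the file path are all assumptions.

```php
<?php
declare(strict_types=1);
// Added example: table, column and path names are assumptions, not from the thread.
const EBOOK_PATH = '/var/private/ebooks/book.pdf'; // assumed path outside the document root

// Atomically consume a one-time key; true only for the first request that presents it.
function redeemKey(PDO $db, string $key): bool
{
    // One conditional UPDATE, so two concurrent requests cannot both pass a SELECT-then-UPDATE check.
    $stmt = $db->prepare('UPDATE download_keys SET used = 1 WHERE token = :t AND used = 0');
    $stmt->execute([':t' => $key]);
    return $stmt->rowCount() === 1;
}

function deny(int $status): int { http_response_code($status); return $status; }

// Gateway: the browser only ever requests this script, never the file's real location.
function handleDownload(PDO $db, array $query, string $path = EBOOK_PATH): int
{
    $key = $query['id'] ?? '';
    // Keys are assumed to be 32 hex characters; reject anything else before touching the DB.
    if (!is_string($key) || !preg_match('/\A[a-f0-9]{32}\z/', $key)) {
        return deny(400);
    }
    if (!is_readable($path)) {
        return deny(500); // checked first so a server-side fault does not burn the key
    }
    if (!redeemKey($db, $key)) {
        return deny(403); // unknown key, or already used
    }
    header('Content-Type: application/pdf');
    header('Content-Disposition: attachment; filename="ebook.pdf"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
    return 200;
}

// CLI demonstration with constructed data: in-memory SQLite and a temp file as the "ebook".
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE download_keys (token TEXT PRIMARY KEY, used INTEGER NOT NULL DEFAULT 0)');
    $key = bin2hex(random_bytes(16));
    $db->prepare('INSERT INTO download_keys (token) VALUES (?)')->execute([$key]);
    $tmp = tempnam(sys_get_temp_dir(), 'ebook');
    file_put_contents($tmp, "constructed sample content\n");
    ob_start(); // buffer the file body so the demo prints only status codes
    foreach ([['id' => $key], ['id' => $key], ['id' => '../secret']] as $q) {
        fwrite(STDERR, 'status ' . handleDownload($db, $q, $tmp) . PHP_EOL);
    }
    ob_end_clean();
    unlink($tmp);
}
```

Because the script reads the file through the filesystem rather than over HTTP, a `deny from all` on the storage folder does not affect it.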