Forum Moderators: buckworks
I am wondering if anybody could advise as to whether or not storing downloadable files outside the main directory is imperative. Is the practice of keeping the downloads directory within the public directory and protecting it with .htaccess effective? Or does it pose greater risks?
I have also seen a couple of carts where the downloads folder is hidden as a subfolder within the cgi-bin. Does anybody have any insight regarding the effectiveness of this method?
So far I have focused on looking at carts which allow the storage of downloadable files outside the public directory, so that the goods can only be downloaded via a request made through the cart software. Along with that I am looking at those regular features such as restricting the number of downloads etc. However, I have hit a brick wall and don't know which direction to take. Does anybody have any experience (large or small) with basic ecart security issues?
Restricting the number of times the buyer can download may prove to be problematic as well - a user only needs to download once to make copies and distribute if they were that way inclined. I don't think you'd be gaining anything and you may be hampering legitimate buyers who will inevitably miss the download option first time, lose their internet connection, have a browser crash etc.
I agree that restricting downloads could be problematic, but perhaps if I gave each user say five attempts it might help. My biggest fear is that I might get multiple users coming in (over a very short period of time), from one of those cracked passwords sites, if they still exist. In any case, I am intending to offer hardcopy merchandise bundles also.
It's the non-public storage feature which is a big issue to me at the moment, unless I am just looking in the wrong places. I can't seem to find many carts that do this.
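As an added illustration of the pattern the thread is circling (files kept outside the document root, served only through the cart, with a small per-order allowance like the five attempts mentioned above), here is a self-contained Python example. It is not code from this thread or from any cart product. The store path, the one-week link lifetime, the opaque token format and the WSGI endpoint are all assumptions chosen for the example; the sample file and orders in `demo()` are constructed. The security point it makes: once the files are outside the web root, nothing depends on `.htaccess` being honoured (an `AllowOverride None` vhost or a non-Apache server silently ignores it), and every fetch must pass the cart's checks. The handler also canonicalises the path and confirms it still lies inside the store, so a mis-entered catalogue row such as `../../etc/passwd` cannot escape, and it counts a download when the transfer starts because the server cannot tell a completed download from an aborted one, which is exactly why an allowance above one is sensible.

```python
import os
import secrets
import tempfile
import time
from dataclasses import dataclass
from urllib.parse import parse_qs

# Assumed layout, not taken from the thread: the web root is never involved;
# the file store is a directory the web server does not map at all.
STORE_ROOT = "/srv/shop/downloads"   # assumption
MAX_DOWNLOADS = 5                    # the "five attempts" figure from the thread
LINK_TTL = 7 * 24 * 3600             # assumption: a link is valid for one week


@dataclass
class Entitlement:
    order_id: str
    filename: str        # catalogue name inside STORE_ROOT, never user input
    issued_at: float
    downloads_used: int = 0


class DownloadGate:
    """Maps opaque tokens to files in the store and enforces the allowance."""

    def __init__(self, store_root=STORE_ROOT, max_downloads=MAX_DOWNLOADS,
                 ttl=LINK_TTL, clock=time.time):
        self.store_root = os.path.realpath(store_root)
        self.max_downloads = max_downloads
        self.ttl = ttl
        self.clock = clock            # injectable so expiry can be tested
        self._by_token = {}           # token -> Entitlement (a DB in real use)

    def issue(self, order_id, filename):
        """Called by the cart once payment clears; returns the link token."""
        token = secrets.token_urlsafe(32)   # 256 random bits, not guessable
        self._by_token[token] = Entitlement(order_id, filename, self.clock())
        return token

    def resolve(self, token):
        """Return (status, path); path is set only when status == 'ok'."""
        ent = self._by_token.get(token)
        if ent is None:
            return "unknown_token", None
        if self.clock() - ent.issued_at > self.ttl:
            return "expired", None
        if ent.downloads_used >= self.max_downloads:
            return "limit_reached", None
        # Canonicalise, then confirm the target is still inside the store.
        path = os.path.realpath(os.path.join(self.store_root, ent.filename))
        if os.path.commonpath([path, self.store_root]) != self.store_root:
            return "bad_path", None
        if not os.path.isfile(path):
            return "missing_file", None
        # Counted when the transfer starts; an aborted fetch still uses one.
        ent.downloads_used += 1
        return "ok", path


def wsgi_app(gate):
    """Minimal WSGI endpoint: GET /download?t=<token> returns the file."""
    def app(environ, start_response):
        token = parse_qs(environ.get("QUERY_STRING", "")).get("t", [""])[0]
        status, path = gate.resolve(token)
        if status != "ok":
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [status.encode()]
        with open(path, "rb") as fh:
            body = fh.read()
        start_response("200 OK", [
            ("Content-Type", "application/octet-stream"),
            ("Content-Disposition",
             'attachment; filename="%s"' % os.path.basename(path)),
            ("Content-Length", str(len(body))),
            ("Cache-Control", "private, no-store"),   # keep proxies from caching
        ])
        return [body]
    return app


def demo():
    """Constructed scenario: a store in a temp dir, three orders, one HTTP fetch."""
    store = tempfile.mkdtemp()
    with open(os.path.join(store, "ebook.pdf"), "wb") as fh:
        fh.write(b"%PDF-1.4 constructed sample\n")
    now = [1_700_000_000.0]
    gate = DownloadGate(store, clock=lambda: now[0])
    good = gate.issue("order-42", "ebook.pdf")
    bad = gate.issue("order-43", "../../etc/passwd")   # mis-entered catalogue row
    old = gate.issue("order-44", "ebook.pdf")
    captured = {}
    body = b"".join(wsgi_app(gate)({"QUERY_STRING": "t=" + good},
                                   lambda s, h: captured.setdefault("status", s)))
    out = {
        "http_status": captured["status"],
        "body": body,
        # one download already used by the HTTP fetch above, four remain
        "sequence": [gate.resolve(good)[0] for _ in range(MAX_DOWNLOADS)],
        "traversal": gate.resolve(bad)[0],
        "guessed": gate.resolve("not-a-real-token")[0],
    }
    now[0] += LINK_TTL + 1                 # a week passes
    out["stale"] = gate.resolve(old)[0]
    return out


if __name__ == "__main__":
    print(demo())
```

In a real cart the `Entitlement` rows live in the order database and the token goes in the confirmation e-mail; the handler stays the only path to the files, and the web server's own configuration plays no part in protecting them.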