12 {{ upvoteCount | shortNum }}
12 {{ upvoteCount | shortNum }}

How to avoid server files being accessed illegally?

by Bugala
10 replies
So this is the thing.

I havent tried completely yet, but i suppose i can make a paypal system that when someone buys my product with it, he will be sent to download page to which he will receive unique code and that will keep that download page accessible to him with that code for, say, 3 days as an example.

However, now comes a problem.

Say there is some music.mp3 file that he can download then.

Now okay, after three days he wont be able to access the download page, BUT, if he uses direct link to that music.mp3 file, he will still be able to download it and even share the link with anyone he wishes.

So how do i avoid this from happening?

Can i somehow make it so that this music.mp3 file is accessbile only through that Download page?

There is this options to choose for files in way of 755, that it can be executed by anyone, or only its owner and stuff

So I suppose I can use this somehow to make it accessible to this download page only, but how?

And notice when you answer that im quite noobie when it comes to server side issues.

I mean, i do understnad it would be possible to make it accessbile for its creator only, but then that download page would first need to be the creator of that music.mp3 file, which is obviously isnt, since im just transfering it to there.
#accessed #avoid #files #illegally #server
  • Profile picture of the author wayfarer
    Put the file somewhere that requires server authentication to navigate to. On an Apache server this is controlled with a combination of .htpasswd and .htaccess files. Since you can allow your website to write to these files, it should be possible for you to dynamically do this. I haven't worked out the solution before, but it is this idea that I would start with. Be sure to have very strict permissions on the files.

    If you remove a users permission to access a part of a site at some time in the future, any attemt to access any file within that directory would bring up the authentication, if it is secured this way.

    I'm sure there are other solutions. One that comes to mind is making a PHP file redirect to a file it writes by pulling data from somewhere else on the server, possibly a database. It is a temporary file and gets deleted every time.
    Signature
    I build web things, server things. I help build the startup Veenome. | Remote Programming Jobs
    {{ DiscussionBoard.errors[822526].message }}
  • Profile picture of the author askmichaelknowles
    I use a program to protect my dl files. You can limit the use of them and if someone shares them you can deactivate it. PM for for the link. Since they don't link for you to post it here.

    Michael
    Signature
    Let Me Do Your Backlinking For You! 5 - 125 High PR Sites WILL Link Directly To You!
    {{ DiscussionBoard.errors[822892].message }}
  • Profile picture of the author Rob Whisonant
    You place the file ABOVE the public html folder so it can't be accessed by a direct link and then stream the file to them.

    I have a program in beta right now that does this. If you are interested and will seriously test the script, pm me your email address and I'll send you a free beta copy to test.

    You can set the number of downloads or number of days or both. It uses PayPal IPN and automatically emails the download link to the purchaser.

    Re's
    Rob Whisonant
    Signature
    FREE Email Marketing Quick Start Course! Start Building a Profitable Email List Today!
    {{ DiscussionBoard.errors[823147].message }}
  • Profile picture of the author delsauzo
    I think file permissions on a linux server can easily take care of this. I guess the download link shoud only be valid for a short while. This ensures that even if it is shared it really wont matter once the links validity is over
    {{ DiscussionBoard.errors[823339].message }}
  • Profile picture of the author Bugala
    Well, as i already mentioned, im quuite lousy when it comes to server side issues.

    1. So how do i change these .htaccess and .htpasswd files?

    I mean, i do know i use text editor to do that, but what shoudl i write to them?

    Can you shortly explain how to do that, or if its not possible to shortly teach that, then if someone knows a good tutorial for these in interrnet.

    2. And another thing too, for when i was thinking wayfarers solution of copying file temporarily with temporary name all the time, that sounded like quite easy way to do itm but it would still leave the problem of people being able to check whats in my site and that way find it, so how do i prevent anyone from looking stuff for example on some certain folder?
    unless they have right password and username of course.
    {{ DiscussionBoard.errors[824621].message }}
  • Profile picture of the author capone2009
    can't you protect a site without htaccess? access denied page
    Signature
    Best Social Bookmarking Sites List 2012
    Social Bookmarking Software 2012

    How to start a blog
    {{ DiscussionBoard.errors[825000].message }}
  • Profile picture of the author cashgold
    htaccess is the best
    {{ DiscussionBoard.errors[830047].message }}
  • Profile picture of the author kengary
    If and when you start getting enough sales to justify the cost you might want to think about buying and installing aMember on your server to protect and sell your files. It handles everything you want to do and would do it quite elegantly too.

    Short of that, a lot of people just use their cpanel to create the userid/password for a .htaccess file and then change it every so often.

    If you've got an account at a place with CPanel like HostGator (and a lot of hosting companies have their own version of the same thing) it can take care of quite a few of the server-side things you'll want to play around with.

    Good luck.
    {{ DiscussionBoard.errors[830570].message }}
  • Profile picture of the author stevenh512
    The OP wants a secure (doesn't show the "real" URL), expiring download link. Linux file permissions and .htaccess/.htpasswd won't help much here.

    Personally, I would use DLGuard. That's exactly what it was originally intended for (but it can also do so much more, like managing a simple membership site).

    I can't say whether or not Amember does this since I've never used it.. but DLGuard will definitely do what the OP is asking and costs less than Amember does.
    Signature

    This signature intentionally left blank.

    {{ DiscussionBoard.errors[831001].message }}
  • Profile picture of the author eshopcompany
    I can get write you a custom php script to do this if you want/still need help. I actually wrote one for myself not to long back to do just what your needing...

    Originally Posted by Bugala View Post

    So this is the thing.

    I havent tried completely yet, but i suppose i can make a paypal system that when someone buys my product with it, he will be sent to download page to which he will receive unique code and that will keep that download page accessible to him with that code for, say, 3 days as an example.

    However, now comes a problem.

    Say there is some music.mp3 file that he can download then.

    Now okay, after three days he wont be able to access the download page, BUT, if he uses direct link to that music.mp3 file, he will still be able to download it and even share the link with anyone he wishes.

    So how do i avoid this from happening?

    Can i somehow make it so that this music.mp3 file is accessbile only through that Download page?

    There is this options to choose for files in way of 755, that it can be executed by anyone, or only its owner and stuff

    So I suppose I can use this somehow to make it accessible to this download page only, but how?

    And notice when you answer that im quite noobie when it comes to server side issues.

    I mean, i do understnad it would be possible to make it accessbile for its creator only, but then that download page would first need to be the creator of that music.mp3 file, which is obviously isnt, since im just transfering it to there.
    {{ DiscussionBoard.errors[841318].message }}

Trending Topics