SitePoint Sponsor

User Tag List

Results 1 to 11 of 11
  1. #1
    SitePoint Enthusiast
    Join Date
    Sep 2009
    Posts
    51
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    digital download security

    I was on an internet marketing conference call and it was said that no digital download page can be made secure from being found by anyone who wants to. It was also said that the only secure pages would be on membership sites, which, of course are pricy (to me it seems they are pricy). Is this true or are there things that we can do for a digital download?

    Thanks for your help.

    Jeannie

  2. #2
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    23,588
    Mentioned
    411 Post(s)
    Tagged
    6 Thread(s)
    Perhaps it is possible that no digital file is completely secure (I'm not sure) but for practical purposes I'd say it's not a big concern. I sell digital files using some simple software, and the url it generates is very long and I defy anyone to work out where the file really lives on that basis. It just wouldn't be worth someone's time—unless perhaps your digital file contained US military secrets or something. (In that case, you'd probably have a million of the best hackers in China on your case, on behalf of their government... o no, sorry, they've denied that, haven't they? )

    It's just one of many options, but I've had good success with LinkLok.

  3. #3
    SitePoint Enthusiast
    Join Date
    Sep 2009
    Posts
    51
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ralph, thankyou so much for this info - Linklok looks very interesting and is probably what we are looking for.

    We are just getting our feet wet in this field, so this may sound ignorant - my apologies. We all have probably either Bluehost or Host-Gator, so we have a main domain and then add-on domains for whatever else we develop. We are on shared servers. Where would we put the digital products if we don't want them found by meditation hungry hackers?

    And one last question, for now, at least, I know someone is going to ask if there are any free options, so are there? We are beginners with big ideas, but not master programmers - or even junior programmers, so I am afraid that has to be taken into account. Most of us are doing this on a shoe string.

    Thank you.

    Jeannie

  4. #4
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    23,588
    Mentioned
    411 Post(s)
    Tagged
    6 Thread(s)
    Unfortunately I'm not the best person to ask, as I'm pretty ignorant! If you put a file in, say, a folder called /lala234looloo/, I mean, who's going to find that?! And of course, you could have folders within folders. LinkLok generates a random link that actually leads to that folder, but no one will ever know what the folder is really called.

    I know that you can also place files "above the web root", though I haven't done this much, and it may be different on each host. But that's a common practice, I believe. If a file is located "above" the root folder on a server, not even the best hacker can access that, so it may be worth looking into if you REALLY need security.

    Also, some other 3rd party services allow you to sell digital downloads and (I believe) host the files themselves, probably in highly secure environments. An example is eJunkie, so that's worth a look too.

    For free options, I'm sure there are some around. LinkLok is a cheap, one-time fee, but if I remember rightly, services like Mal's cart offer a free cart that include digital goods (?). Maybe check that out.

  5. #5
    Robert Wellock silver trophybronze trophy xhtmlcoder's Avatar
    Join Date
    Apr 2002
    Location
    A Maze of Twisty Little Passages
    Posts
    6,316
    Mentioned
    60 Post(s)
    Tagged
    0 Thread(s)
    Yes, a lot of people place PHP scripts above the root just in case in the unlikely even the parser falls-over and leaves their web-pages looking naked with exposed connection scripts, etc.

    If it is important you should consider HTTPS for obvious reasons.

  6. #6
    Follow: @AlexDawsonUK silver trophybronze trophy AlexDawson's Avatar
    Join Date
    Feb 2009
    Location
    England, UK
    Posts
    8,111
    Mentioned
    0 Post(s)
    Tagged
    1 Thread(s)
    The real problem you need to think about is what happens when the end user gets hold of your digital download, there's nothing to stop them putting it onto a torrent site or handing it out to the people they know. Securing your download page may seem like a reasonable idea, but it's pointless if your end-users then decide to make it available outside of your secured environment. You may want to look towards making the download publicly available and having some sort of verification mechanism within the download to ensure the end user is entitled to use what you're offering (activation perhaps).

  7. #7
    SitePoint Enthusiast
    Join Date
    Sep 2009
    Posts
    51
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Cool

    These are terrific solutions to what we are dealing with in terms of LinkLok, and php files above the root, and E-junkie. I think php files are probably beyond us, but the others are workable. Thank you very much - this is just what we needed, I'm sure.

    Alex, I don't know if you know the movie Tron, but it was rumored to have codes within the film (at that time film meant VHS) so that if a person tried to make copies, they got gobbledygook. Will that be invented for digital downloads? Has it already been invented?

    There are many honest people in the world who know that the authors of these downloads have rent to pay like everyone else, and may these wonderful people be our customers.

    Thanks again.

    Jeannie

    PS Tron, now that's a movie to show to a programmers' convention!

  8. #8
    Follow: @AlexDawsonUK silver trophybronze trophy AlexDawson's Avatar
    Join Date
    Feb 2009
    Location
    England, UK
    Posts
    8,111
    Mentioned
    0 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by jeannieg View Post
    Alex, I don't know if you know the movie Tron, but it was rumored to have codes within the film (at that time film meant VHS) so that if a person tried to make copies, they got gobbledygook. Will that be invented for digital downloads? Has it already been invented?
    Alas nope, not at this point, the closest thing there is to that is product activation like you get in MS products where the cease to function if the product key doesn't match the machine it's meant to be registered too. If it's anything other than software, you're pretty much in a no win situation (people can crack activation too).

    PS: Tron is awesome, there is a new Tron 2.0 movie coming out soon, the trailers look amazing. >>> http://www.youtube.com/watch?v=6HcsDc_9LX8

  9. #9
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    23,588
    Mentioned
    411 Post(s)
    Tagged
    6 Thread(s)
    Quote Originally Posted by jeannieg View Post
    if a person tried to make copies, they got gobbledygook. Will that be invented for digital downloads? Has it already been invented?
    If you are selling ebooks/pdfs, Adobe also offers a service that locks a pdf to a single computer. It costs a fortune, though, so you'd want to be a big business. Besides, this sort of thing really just punishes honest people, and is a real pain. Others point out that if your materials are spread around, it's a form of advertising--as long as you plan things well.

    There are many honest people in the world who know that the authors of these downloads have rent to pay like everyone else...
    Yep, there sure are. Apparently they even found one in China recently.

  10. #10
    SitePoint Zealot Norebbo's Avatar
    Join Date
    Jun 2008
    Location
    Southern California
    Posts
    123
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ralph.m View Post
    It's just one of many options, but I've had good success with LinkLok.
    Just thought I'd second this comment - I've used LinkLok for several client projects, and it works like a charm. Very easy to set up, and secure enough. Highly recommended.

  11. #11
    SitePoint Guru
    Join Date
    Jan 2007
    Posts
    934
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    The way to secure a digital download is to store the files above the public level of the site. After purchase, the user is directed to a page that doesn't link directly to the document but to a request to a php script that delivers the file if the appropriate credentials are met.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •