Sorry your browser is not supported!

You are using an outdated browser that does not support modern web technologies, in order to use this site please update to a new browser.

Browsers supported include Chrome, FireFox, Safari, Opera, Internet Explorer 10+ or Microsoft Edge.

Geek Culture / Securing files on your web site server?

Author
Message
CattleRustler
Retired Moderator
21
Years of Service
User Offline
Joined: 8th Aug 2003
Location: case modding at overclock.net
Posted: 27th Mar 2004 23:05
Link
Let's say you have a file on your server that needs to be paid for before it can be downloaded - - what's to stop someone from purchasing the file, making note of the path on the web server, and telling his friends "Hey go to such and such address path" and getting the file download and successfully circumventing the payment portions? There has got to be a way to lock folders in IIS so so only redirections from a certain source are allowed, right? I am no web guru so please bear with...

Thanks for any help
James



Home of the VB.NET Class Builder Utility - Demo available now!
Back to top
Profile PM
Elleomea
21
Years of Service
User Offline
Joined: 2nd Aug 2003
Location: England
Posted: 27th Mar 2004 23:09 Edited at: 27th Mar 2004 23:10
Link
Well I don't know about IIS, but with apache you could stick the file in directory with a .htaccess file that denies access to all users, then make a PHP script which takes a username and password from a database (perhaps a maximum of 3 times or something, by recording each use) then a second script which reads the file with the fopen() commands and so sends it out to the user (after checking cookies set by the first one to ensure the user logged in correctly). But that's probably a little too technical, that's just how I'd do it if I were interested in doing such things.

How much ham could a hamster stir, if a hamster could stir ham?
Back to top
Profile PM Website
TKF15H
21
Years of Service
User Offline
Joined: 20th Jul 2003
Location: Rio de Janeiro
Posted: 27th Mar 2004 23:14
Link
well, the way I'd do it is like this:
Apon purchasing the product, the person recieves a key. He goes to the website and submits the key in a form. Then, a script checks the key in a database and if it's there, it removes it from the database and gives the user the download link. The download link is generated as soon as the key is validated. So, let's say the file you want to distribute is called "game.exe". Make a php script that copies this to "<user'skey>.exe". At the end of the day, delete all the copies using another script, or manually.

Can I see a demo now?
Back to top
Profile PM Email Website
David T
Retired Moderator
22
Years of Service
User Offline
Joined: 27th Aug 2002
Location: England
Posted: 27th Mar 2004 23:39 Edited at: 27th Mar 2004 23:42
Link
There's a way you can do it in PHP:

http://forums.devshed.com/archive/t-67502


The basic code:



Change the content-type to what you want. Change FileOnServer.pdf to your file to want people to be able to d/l after paying, and add an if clause to the beginning to check to see if the user has paid. If they they, they'll be given the file to download, otherwise they'd be given the "You haven't paid!" message.

Just save the file as download.php and link to that.

"To do is to be" - Descartes
"To be is to do" - Voltaire
"Do be do be do" - Frank Sinatra
Back to top
Profile PM Email Website
UnderLord
21
Years of Service
User Offline
Joined: 2nd Aug 2003
Location:
Posted: 27th Mar 2004 23:45
Link
http://neworder.box.sk

this site has everything all you'd need to do is search for it on the site anything related to almost anything computers.

The search continues.

Current project - A space game
Back to top
Profile PM
CattleRustler
Retired Moderator
21
Years of Service
User Offline
Joined: 8th Aug 2003
Location: case modding at overclock.net
Posted: 28th Mar 2004 03:47
Link
thanks for the suggestions and the links - we figured it out, or at least came up with a good way to do what we wanted, which I wont mention here!

Thanks again everyone!



Home of the VB.NET Class Builder Utility - Demo available now!
Back to top
Profile PM
Richard Davey
Retired Moderator
22
Years of Service
User Offline
Joined: 30th Apr 2002
Location: On the Jupiter Probe
Posted: 28th Mar 2004 06:25
Link
Why not mention it? If you've done it right it won't matter, will it?

Cheers,

Rich

With our species on the edge of extermination,
with no prospect but a horrible death,
we actually played games.
Back to top
Profile PM Email Website
CattleRustler
Retired Moderator
21
Years of Service
User Offline
Joined: 8th Aug 2003
Location: case modding at overclock.net
Posted: 28th Mar 2004 07:10
Link
You're right. I apologize. I wasn't trying to be a jerk. I will post here on this topic tomorrow as the guts of the deal was handled by my business partner who is the more adept web/database guru but an awesome app programmer as well - I tend to be the lead app programmer and can hold my own with databases and web technologies but have little knowledge of standard ASP (which our solution mainly uses) where I help him in ASP.NET and the newer technologies - long story short: I can't rightly explain it until after he visits here tomorrow - hope that makes sense

I will post up a general explaination tomorrow evening - monday morning at the latest.



Home of the VB.NET Class Builder Utility - Demo available now!
Back to top
Profile PM
CattleRustler
Retired Moderator
21
Years of Service
User Offline
Joined: 8th Aug 2003
Location: case modding at overclock.net
Posted: 30th Mar 2004 17:51
Link
Ok, only posting this because I said I would: The solution uses server side asp that the user can't see, a page, an intermediate page, a storage page & folder, and the file of interest. The file of interest's name is never exposed to the user - it's aliased prior to download. Even if someone gets the file by paying for it, they don't have the info they would need to tell someone else where to grab it, or regrab it themselves. Even if they did, there are further steps taken that it wouldn't matter if they had a valid copy because they didn't pay for it. Sorry for such general terms.



Home of the VB.NET Class Builder Utility - Demo available now!
Back to top
Profile PM
Back to top

Login to post a reply

Server time is: 2024-09-21 13:55:15
Your offset time is: 2024-09-21 13:55:15