[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date ][Minivend by thread ]

Re: [mv] Protecting Payload

To: minivend-users@minivend.com
Subject: Re: [mv] Protecting Payload
From: cfm@maine.com
Date: Wed, 9 Aug 2000 11:07:59 -0400
In-Reply-To: <0008099658.AA965832310@worldwatch.org>; from jyu@worldwatch.org on Wed, Aug 09, 2000 at 10:45:59AM -0400
References: <0008099658.AA965832310@worldwatch.org>
Reply-To: minivend-users@minivend.com
Sender: owner-minivend-users@minivend.com
User-Agent: Mutt/1.2.5i

******    message to minivend-users from cfm@maine.com     ******

On Wed, Aug 09, 2000 at 10:45:59AM -0400, jyu@worldwatch.org wrote:
> ******    message to minivend-users from jyu@worldwatch.org     ******
> 
> 
> Hello,
> 
> We sell numerous products from our store in downloadable electronic format.  The
> way it is currently set up, the reciept page produces links to the products all
> within in a single directory elsewhere on the machine.
> 
> This is clearly not an effective solution, and has become a serious problem such
> that the number of product downloads far outweigh the number of purchases.  Once
> one knows which directory the files are stored in, even if the directory does
> not allow indexing, one can access the remainder of our products if they know
> the product codes.
> 
> I'm wondering if anyone has any ideas on a scheme to protect downloadable
> payload.  I'm considering a redirect which produces the product based on
> recieved argument and referring page, but again, anyone with enough creativity
> and free time can find a way around this.  It could obscure the true location of
> our products, but only that. 

We usually just copy "product" to a temporary file and give link to that.
Tell the user to bookmark it in case his first try fails; it will be there
for <period of time you pick>.  The temporary files get deleted periodically.  
Name it something like YYYY-MM-DD-code-<sessionID>.  If your product is
pricey enough that you are still worried about people guessing, just
increase the complexity of the naming scheme or encrypt it with something.

-- 

Christopher F. Miller, Publisher                             cfm@maine.com
MaineStreet Communications, Inc         208 Portland Road, Gray, ME  04039
1.207.657.5078                                       http://www.maine.com/
Database publishing, e-commerce, office/internet integration, Debian linux.
-
To unsubscribe from the list, DO NOT REPLY to this message.  Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list

Follow-Ups:
- Re: [mv] Protecting Payload
  - From: Mike Heins <mikeh@minivend.com>

References:
- [mv] Protecting Payload
  - From: jyu@worldwatch.org

Prev by Date: [mv] [OT Very much soo, and I am very sorry too for this]
Next by Date: RE: [mv] more documentation stuff (fwd)
Prev by thread: [mv] Protecting Payload
Next by thread: Re: [mv] Protecting Payload
Index(es):
- Date
- Thread