Re: [mv] Protecting Payload
****** message to minivend-users from Mike Heins <mikeh@minivend.com> ******
Quoting cfm@maine.com (cfm@maine.com):
> >
> > Hello,
> >
> > We sell numerous products from our store in downloadable electronic format. The
> > way it is currently set up, the receipt page produces links to the products all
> > within a single directory elsewhere on the machine.
> >
> > This is clearly not an effective solution, and has become a serious problem such
> > that the number of product downloads far outweighs the number of purchases. Once
> > one knows which directory the files are stored in, even if the directory does
> > not allow indexing, one can access the remainder of our products if they know
> > the product codes.
> >
> > I'm wondering if anyone has any ideas on a scheme to protect downloadable
> > payload. I'm considering a redirect which produces the product based on
> > received argument and referring page, but again, anyone with enough creativity
> > and free time can find a way around this. It could obscure the true location of
> > our products, but only that.
>
>
> We usually just copy "product" to a temporary file and give a link to that.
> Tell the user to bookmark it in case his first try fails; it will be there
> for <period of time you pick>. The temporary files get deleted periodically.
> Name it something like YYYY-MM-DD-code-<sessionID>. If your product is
> pricey enough that you are still worried about people guessing, just
> increase the complexity of the naming scheme or encrypt it with something.
>
You might look at the Interchange "simple" catalog, which has a canned
solution for this. It catalogs which products the user has bought, and
uses Minivend to gate the download.
While Minivend delivers the content in the supplied distribution, it
would be easy to change the ActionMap deliver to pass it a handle to
a symlinked temporary file based on the session.
--
Akopia, Inc., 131 Willow Lane, Floor 2, Oxford, OH 45056
phone +1.513.523.8220 fax 7501 <heins@akopia.com>
Be patient. God isn't finished with me yet. -- unknown
Archive of past messages: http://www.minivend.com/minivend/minivend-list
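
The session-gated temporary link discussed in this thread, as an added example that is not part of the original messages and is not Minivend or Interchange code. The function names, the product-code pattern and the directory layout (a store directory outside the web root, and a web-served link directory whose server follows symlinks) are assumptions.

```python
import os, re, secrets, tempfile, time

SKU_RE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")  # assumed product-code format

def issue_link(store_dir, public_dir, sku, purchased_skus):
    """Create an unguessable symlink to a purchased file; return its name."""
    if not SKU_RE.match(sku):            # rejects "../" and other path tricks
        raise ValueError("malformed product code")
    if sku not in purchased_skus:        # gate on what this session bought
        raise PermissionError("product not purchased in this session")
    target = os.path.join(store_dir, sku)
    if not os.path.isfile(target):
        raise FileNotFoundError(sku)
    # 128 random bits per link: knowing a product code or another
    # customer's link gives no help in guessing this one.
    name = f"{secrets.token_urlsafe(16)}-{sku}"
    os.symlink(os.path.abspath(target), os.path.join(public_dir, name))
    return name

def sweep(public_dir, ttl_seconds, now=None):
    """Delete links older than ttl_seconds; return the names removed."""
    now = time.time() if now is None else now
    removed = []
    for name in os.listdir(public_dir):
        path = os.path.join(public_dir, name)
        # lstat reads the link's own timestamp, not the product file's
        if os.path.islink(path) and now - os.lstat(path).st_mtime > ttl_seconds:
            os.unlink(path)
            removed.append(name)
    return removed

def demo():
    """Constructed sample: two products in the store, one of them purchased."""
    with tempfile.TemporaryDirectory() as root:
        store, public = os.path.join(root, "store"), os.path.join(root, "dl")
        os.mkdir(store); os.mkdir(public)
        for sku in ("ebook1", "ebook2"):
            with open(os.path.join(store, sku), "w") as f:
                f.write("payload of " + sku)
        link = issue_link(store, public, "ebook1", {"ebook1"})
        with open(os.path.join(public, link)) as f:
            served = f.read()
        try:
            issue_link(store, public, "ebook2", {"ebook1"})
            denied = False
        except PermissionError:
            denied = True
        kept = sweep(public, ttl_seconds=3600)
        expired = sweep(public, ttl_seconds=3600, now=time.time() + 7200)
        return served, denied, kept, expired == [link]
```

Run sweep from a periodic job so links disappear after the period you pick, as the quoted reply suggests for its temporary files.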