[ic] softgoods

Chris Devers interchange-users@interchange.redhat.com
Wed Feb 27 21:33:00 2002


On Thu, 28 Feb 2002 music@labyrinth.net.au wrote:

> The concern is that with http download, even if the base download
> directory changes every 30 minutes, what strategy should be used to stop
> the customer attempting to download products by guessing [URLs]?

I'm new to Interchange, so this might or might not be easy to work into
the system, but have you considered doing one or both of:

  * checking $ENV{HTTP_REFERER}, so that it's minimally something from
    your own site, and ideally from the relevant URL on your site, or

  * setting up some sort of challenge/response to get to it, e.g. with
    cookies &/or password protected download areas? 

Speaking abstractly, you could set up a page saying that the order had
been accepted, and the product can be downloaded by following a link and
entering some sort of registration code there. Maybe you could even email
that code to the user, in order to force things 'out of band'. Then when
they go to the download page, it can check for the right registration
code, the right cookie, maybe the http referer, etc. 

Like I say, I don't know how well this would fit into Interchange, but
it definitely should be doable as a freestanding site directory alongside
Interchange.

That or you could just email it & cut out most of the complexity...
 


-- 
Chris Devers                           chdevers@netscape.net
Apache / mod_perl / http://homepage.mac.com/chdevers/resume/
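
An added example, not part of the original message or of Interchange's own code: one way a freestanding download script could issue and check the registration code described above, in Perl. The code is an HMAC over the order, the product and an expiry time, so it cannot be guessed and does not depend on the client-supplied Referer header. The secret, order ID, SKU and function names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a server-side secret kept outside the web root (placeholder value).
my $SECRET = 'replace-with-long-random-secret';

# Issue a code for one order and one product, valid until $expires (epoch seconds).
sub make_code {
    my ($order_id, $sku, $expires) = @_;
    my $mac = hmac_sha256_hex(join("\0", $order_id, $sku, $expires), $SECRET);
    return "$expires-$mac";
}

# Compare two strings without stopping at the first differing byte.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Download-page check: the code must be well formed, unexpired,
# and match this exact order and product.
sub check_code {
    my ($order_id, $sku, $code, $now) = @_;
    return 0 unless defined $code && $code =~ /\A(\d{1,12})-([0-9a-f]{64})\z/;
    my ($expires, $mac) = ($1, $2);
    return 0 if $now > $expires;
    my $want = hmac_sha256_hex(join("\0", $order_id, $sku, $expires), $SECRET);
    return ct_eq($mac, $want);
}

# Constructed sample data: one order, one product, a 30-minute window.
my $now  = time;
my $code = make_code('ORD1001', 'album-42', $now + 1800);

my @cases = (
    [ 'valid code',         'ORD1001', 'album-42', $code, $now        ],
    [ 'other product',      'ORD1001', 'album-43', $code, $now        ],
    [ 'after expiry',       'ORD1001', 'album-42', $code, $now + 1801 ],
    [ 'guessed code',       'ORD1001', 'album-42', ($now + 1800) . '-' . ('0' x 64), $now ],
);
for my $c (@cases) {
    my ($label, @args) = @$c;
    printf "%-15s %s\n", $label, check_code(@args) ? 'allow' : 'deny';
}
```

Only the first case is allowed; the code can be shown on the order-accepted page or emailed to the customer, and the download script needs no per-order state beyond the secret.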