www.webdeveloper.com

Thread: Secure downloads...

  1. #1
    Join Date
    Aug 2007
    Posts
    2

    Secure downloads...

    I have a website with software downloads. Each of my customers has their own directory on the web server, and the directories are currently protected by tokens. Problem is, each customer needs their own token, and I'm running into the token limit on my web server.

    So, I'm looking at scripting the logins, and understand the basics of how this is done, with a small ASP script at the start of each page to check for session login, and redirection to a login page, etc.

    OK, what about the actual executable download files - How do I protect these against direct linking? The current token system protects this very well, because a login is required before accessing the directory, so this works for exe files as well as web pages.

    However, if I remove the tokens and use scripted login, I can protect my web pages, but all it would take is for one customer (or ex-customer) to read the download link and publish it, and anyone who knows the link can download the software. It would also be very easy for customers to use the direct link to get free upgrades as the software is improved.

    How can I protect against this? Can it be done with ASP (or PHP) scripting? I have seen systems using bizarre directory names for the download, that change with each version. Is this the best way?

    Thanks for your help and ideas.

  2. #2
    Join Date
    Oct 2006
    Posts
    251
    So you want a customer to only be able to download from their directory?

  3. #3
    Join Date
    Aug 2007
    Posts
    2
    Quote Originally Posted by Chikara
    So you want a customer to only be able to download from their directory?
    Yep. Each customer has their own directory, with a single webpage with a single link to a single executable. Occasionally customers have multiple downloads for a particular customer. Most customers share a common directory. It would be nice to also offer common-access areas too, but this is not totally necessary, and not part of the initial requirement.

    The actual number of customers is small (<50), and fairly static, so manual configuration is no problem. It's just very important to keep the downloads secure from each other (my customers are all direct competitors of each other) and secure from outsiders.

  4. #4
    Join Date
    Oct 2006
    Posts
    251
    Just make it so that a customer must log in to download a file. Then you can associate the login ID with the folder name.
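
The approach from post #4 (login ID associated with a folder), applied to the direct-link problem raised in post #1, as an added example that is not part of the thread: a PHP download gateway that serves files stored outside the web root. The names `download.php` and `login.php`, the `customer_id` session key, the `/srv/downloads` path and the folder entries are assumptions.

```php
<?php
declare(strict_types=1);
// download.php (added example). Files live OUTSIDE the web root, so no direct URL to an .exe exists.
session_start();

const DOWNLOAD_ROOT = '/srv/downloads';   // assumption: a directory outside the document root

// Assumption: login.php sets $_SESSION['customer_id'] after verifying the password.
if (empty($_SESSION['customer_id'])) {
    header('Location: /login.php');
    exit;
}

// Manual mapping of login ID to folder (fewer than 50 customers, so a static table is enough).
// Constructed sample entries.
$folders = [
    'acme'   => 'cust_acme',
    'globex' => 'cust_globex',
];

$customer = (string)$_SESSION['customer_id'];
if (!isset($folders[$customer])) {
    http_response_code(403);
    exit('No download area for this account.');
}

// The folder comes from the session, never from the request. Only the file name is
// user-supplied, and basename() strips any directory part such as "../cust_globex/".
$name = basename((string)($_GET['file'] ?? ''));
$base = realpath(DOWNLOAD_ROOT . '/' . $folders[$customer]);
$path = $base === false ? false : realpath($base . '/' . $name);

// realpath() resolves symlinks; require the result to still sit inside the customer's folder.
if ($name === '' || $path === false || !is_file($path)
    || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
    http_response_code(404);
    exit('File not found.');
}

// Stream the file as an attachment; the real path is never exposed to the browser.
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . str_replace('"', '', $name) . '"');
header('Content-Length: ' . (string)filesize($path));
header('X-Content-Type-Options: nosniff');
header('Cache-Control: private, no-store');
readfile($path);
```

A published link such as `download.php?file=setup.exe` is useless without a valid session, and a logged-in customer can only reach files in the folder mapped to their own login.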
