I have a website, with software downloads. Each of my customers have their own directory on the web server, and the directories are currently protected by tokens. Problem is, each customer needs their own token, and I'm running into the token limit on my webserver.
So, I'm looking at scripting the logins, and understand the basics of how this is done, with a small ASP script at the start of each page to check for session login, and redirection to a login page, etc.
OK, what about the actual executable download files - How do I protect these against direct linking? The current token system protects this very well, because a login is required before accessing the directory, so this works for exe files as well as web pages.
However, if I remove the tokens and use scripted login, I can protect my web pages, but all it would take is for one customer (or ex customer) to read the download link and publish it, and anyone who knows the link can download the software. It would also be very easy for customers to use the direct link to get free upgrades as the software is improved.
How can I protect against this? Can it be done with ASP (or PHP) scripting? I have seen systems using bizarre directory names for the download, that change with each version. Is this the best way?
Thanks for your help and ideas.