jeannieg — 2010-05-31T15:18:00-04:00 — #1
I was on an internet marketing conference call and it was said that no digital download page can be made secure from being found by anyone who wants to. It was also said that the only secure pages would be on membership sites, which, of course are pricy (to me it seems they are pricy). Is this true or are there things that we can do for a digital download?
Thanks for your help.
eruna — 2010-06-10T10:36:10-04:00 — #2
The way to secure a digital download is to store the files above the public level of the site. After purchase, the user is directed to a page that doesn't link directly to the document but to a request to a php script that delivers the file if the appropriate credentials are met.
norebbo — 2010-06-05T23:40:55-04:00 — #3
Just thought I'd second this comment - I've used LinkLok for several client projects, and it works like a charm. Very easy to set up, and secure enough. Highly recommended.
alexdawson — 2010-06-02T09:35:12-04:00 — #4
Alas nope, not at this point, the closest thing there is to that is product activation like you get in MS products where the cease to function if the product key doesn't match the machine it's meant to be registered too. If it's anything other than software, you're pretty much in a no win situation (people can crack activation too).
PS: Tron is awesome, there is a new Tron 2.0 movie coming out soon, the trailers look amazing. >>> http://www.youtube.com/watch?v=6HcsDc_9LX8
jeannieg — 2010-06-02T09:25:02-04:00 — #5
These are terrific solutions to what we are dealing with in terms of LinkLok, and php files above the root, and E-junkie. I think php files are probably beyond us, but the others are workable. Thank you very much - this is just what we needed, I'm sure.
Alex, I don't know if you know the movie Tron, but it was rumored to have codes within the film (at that time film meant VHS) so that if a person tried to make copies, they got gobbledygook. Will that be invented for digital downloads? Has it already been invented?
There are many honest people in the world who know that the authors of these downloads have rent to pay like everyone else, and may these wonderful people be our customers.
PS Tron, now that's a movie to show to a programmers' convention!
alexdawson — 2010-06-02T01:44:01-04:00 — #6
The real problem you need to think about is what happens when the end user gets hold of your digital download, there's nothing to stop them putting it onto a torrent site or handing it out to the people they know. Securing your download page may seem like a reasonable idea, but it's pointless if your end-users then decide to make it available outside of your secured environment. You may want to look towards making the download publicly available and having some sort of verification mechanism within the download to ensure the end user is entitled to use what you're offering (activation perhaps).
ralphm — 2010-06-02T10:23:09-04:00 — #7
If you are selling ebooks/pdfs, Adobe also offers a service that locks a pdf to a single computer. It costs a fortune, though, so you'd want to be a big business. Besides, this sort of thing really just punishes honest people, and is a real pain. Others point out that if your materials are spread around, it's a form of advertising--as long as you plan things well.
There are many honest people in the world who know that the authors of these downloads have rent to pay like everyone else...
Yep, there sure are. Apparently they even found one in China recently. :lol:
xhtmlcoder — 2010-06-01T06:25:07-04:00 — #8
Yes, a lot of people place PHP scripts above the root just in case in the unlikely even the parser falls-over and leaves their web-pages looking naked with exposed connection scripts, etc.
If it is important you should consider HTTPS for obvious reasons.
jeannieg — 2010-06-01T03:45:58-04:00 — #9
Ralph, thankyou so much for this info - Linklok looks very interesting and is probably what we are looking for.
We are just getting our feet wet in this field, so this may sound ignorant - my apologies. We all have probably either Bluehost or Host-Gator, so we have a main domain and then add-on domains for whatever else we develop. We are on shared servers. Where would we put the digital products if we don't want them found by meditation hungry hackers?
And one last question, for now, at least, I know someone is going to ask if there are any free options, so are there? We are beginners with big ideas, but not master programmers - or even junior programmers, so I am afraid that has to be taken into account. Most of us are doing this on a shoe string.
ralphm — 2010-06-01T04:13:57-04:00 — #10
Unfortunately I'm not the best person to ask, as I'm pretty ignorant! If you put a file in, say, a folder called /lala234looloo/, I mean, who's going to find that?! And of course, you could have folders within folders. LinkLok generates a random link that actually leads to that folder, but no one will ever know what the folder is really called.
I know that you can also place files "above the web root", though I haven't done this much, and it may be different on each host. But that's a common practice, I believe. If a file is located "above" the root folder on a server, not even the best hacker can access that, so it may be worth looking into if you REALLY need security.
Also, some other 3rd party services allow you to sell digital downloads and (I believe) host the files themselves, probably in highly secure environments. An example is eJunkie, so that's worth a look too.
For free options, I'm sure there are some around. LinkLok is a cheap, one-time fee, but if I remember rightly, services like Mal's cart offer a free cart that include digital goods (?). Maybe check that out.
ralphm — 2010-06-01T01:44:14-04:00 — #11
Perhaps it is possible that no digital file is completely secure (I'm not sure) but for practical purposes I'd say it's not a big concern. I sell digital files using some simple software, and the url it generates is very long and I defy anyone to work out where the file really lives on that basis. It just wouldn't be worth someone's time—unless perhaps your digital file contained US military secrets or something. (In that case, you'd probably have a million of the best hackers in China on your case, on behalf of their government... o no, sorry, they've denied that, haven't they? :lol: )
It's just one of many options, but I've had good success with LinkLok.