
osCommerce

The e-commerce.

Download directory is not secure.


smithveg


I have opened a store to sell images. I discovered a big problem here.

Download directory is not secure.

It gives me the path where my download images are stored. That's /../download

When I get this link, I just paste it in my browser: http://www.name.com/download/image.jpg

Then I can open the image already... so everyone can also copy my images. (I sell images.)

Not secure...

I would like to know of any ways to secure these downloaded products.

If I set a password-protected directory at the hosting site... can customers still download the products or not? I think why can't.

I would appreciate any reply.

smithveg

****

Hello World! ^.^ I'm a Internet naive. Browse my working profile

Malaysia Web Services - OPerion Website Marketing System


Not sure if password protecting it could cause a problem or not, but you could always name the files they will be downloading differently from the product's image name for thumbnails/product listing, and then make an index.html page and stick it in your images folder or download folder... wherever the images are that you do not want people to take, and put something on it that says no access or whatever you want. So even if they tried to go directly to that folder, they wouldn't know the right file name, and they would see the HTML page, not a list of images, if they tried to get in the folder.

Wendy James

 

Creativity is allowing yourself to make mistakes. Art is knowing which ones to keep.


OK, I have added the index.php in the /images/ and /download/ directories.

I don't think it can prevent others from copying my images.

I am using the download controller contribution. It worked well. One thing that confuses me is whether the download link will be sent to the customer's email or to the account on my site?

For example, if it sends the download link like this to the customer:

http://www.mypage.com/download/image1.jpg

Then they may guess the filename 'image2.jpg'

and access it by this: http://www.mypage.com/download/image1.jpg. They can still open image2.jpg.

I have an idea but I don't know how to do it.

That is, just let the user download from my site if he/she logs in to his/her account.

I do not want to send the download link to the customer.

By now, I'm not aware of how the download controller contribution gives the link to the customer.

I have also read the manual/readme. They never explained it.

Thanks for your help.

smith.

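The idea raised in the post above (only a logged-in customer who bought the file can fetch it, and no guessable /download/ URL is ever handed out) can be sketched as a small gate script. This is an added example, not part of the thread and not osCommerce or Download Controller code; the directory path, the `customer_id` session key, the `$purchases` array and `resolve_download()` are assumptions made for illustration.

```php
<?php
// Added example, not osCommerce or Download Controller code. Assumes PHP 7.1+.
// Hypothetical names: DOWNLOAD_DIR, $purchases, resolve_download(), customer_id.

const DOWNLOAD_DIR = '/home/shop/private_downloads'; // assumed path outside the web root

// Constructed sample data standing in for an orders-table lookup:
// customer id => opaque download id => file name stored on the server.
$purchases = [
    42 => ['d1001' => 'image1.jpg'],
    77 => ['d1002' => 'image2.jpg'],
];

// Return the absolute path this customer may download, or null if not allowed.
function resolve_download(array $purchases, ?int $customerId, string $downloadId): ?string
{
    if ($customerId === null) {
        return null; // not logged in
    }
    $name = $purchases[$customerId][$downloadId] ?? null;
    if ($name === null) {
        return null; // this customer has not bought this item
    }
    // The file name comes from the server-side record, never from the URL;
    // basename() is defence in depth against a bad record containing "../".
    $path = DOWNLOAD_DIR . '/' . basename($name);
    return is_file($path) ? $path : null;
}

session_start();
$customerId = isset($_SESSION['customer_id']) ? (int) $_SESSION['customer_id'] : null;
$id = $_GET['id'] ?? '';
$path = is_string($id) ? resolve_download($purchases, $customerId, $id) : null;

if ($path === null) {
    http_response_code(403); // same answer for "not logged in" and "not yours"
    exit('Download not available.');
}

header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Because the script reads the file from disk rather than over HTTP, the download directory can sit outside the web root or be denied to browsers without breaking customer downloads.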

If you are talking about the email sent to the customer... Just remove it from the email and put in an explanation of where and how to download the file...

dittone.com

Roman

 

dittones,

 

Can you tell me which PHP file I should go to in order to remove the 'download link', as I do not want to send the link to customers?

Hope you can help me.

smithveg


Dear SmithVeg,

Go to program catalog>checkout_process.php and find

 

EMAIL_TEXT_INVOICE_URL . ' ' . tep_href_link(FILENAME_ACCOUNT_HISTORY_INFO, 'order_id=' . $insert_id, 'SSL', false) . "\n" .

 

Just comment this command out with // in front of the code line...

 

This is where the email is being built... If you want to add or change the email, here is where you can do it.

 

I hope this helps

dittone.com

Roman


Archived

This topic is now archived and is closed to further replies.
