Download Security Issue
I have just started using Zen Cart version 1.3.0.2 and I am very impressed, but I have discovered a problem.
When you create virtual products using download attributes, customers are able to download a product as much as they like by using the following, as an example:
www.websitename.co.uk/download/product.zip
I am using Microsoft-IIS/6.0 web server with “Attribute Settings > Download by Redirect” turned off. I have turned this option off because it corrupts the zip file when customers download products. Even when redirect is turned on, the URL mentioned above will bypass security. I have a .htaccess file in my download directory, but this does not offer any protection. This is a real problem because customers can easily work out the URL they need to download files.
Does anyone know a security fix?



