  1. #1

    Pub Directory Access

    Hello there, I have re-direct on, and downloads are working well and expiring when they're supposed to, within the account itself...

    However, I noticed that at least for a Mac user, clicking on the Download button, a music download is now opening to a Quicktime page for them to do a Save As. That would be fine, except that a link to the file within the "pub" folder appears in the address bar, and I'm finding that this link could theoretically be shared with others, which seems to defeat the purpose of my using link redirect.

    Is there any way to prevent this pub link from working for more than the number of download allowances? I have tried setting permissions for the pub directory at both 755 and also 777, as I've seen in two different sets of Zen documentation, but neither prevents this from occurring.

    In lieu of a solution for that, then I'm wondering if there's a quick way to see what downloads have already been used and perhaps trigger that particular encrypted link to "disconnect" from the file permanently?

    Thank you....

  2. #2

    Re: Pub Directory Access

    There's an automated cleanup: The randomized filename link in the pub folder is deleted the next time someone clicks to download their merchandise.

    If you would prefer to make no link ever get used, turn off redirect and turn on streaming. This will put the burden on PHP instead of Apache, and limit your downloads to whatever max runtime is available on your PHP setup (usually 30 seconds), but will send the file directly without using a "link". This method has its pros and cons depending on server configuration and the size of files you're downloading.

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
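
The cleanup described above only runs when the next download is requested, so a copied link can stay live on a quiet store. As an added example (not Zen Cart code and not from the original posts), a scheduled time-based purge could close that window; it assumes the redirect links are symbolic links under the pub directory, and the path, schedule and 60-minute age shown are placeholders.

```shell
#!/bin/sh
# Added example, not Zen Cart code. Assumes the redirect links are symbolic
# links (possibly inside per-download subdirectories) under the pub directory.

# purge_stale_links PUB_DIR MAX_AGE_MINUTES
# Removes symlinks older than MAX_AGE_MINUTES, then any subdirectory left
# empty. Prints the number of links removed; returns 2 on bad arguments.
purge_stale_links() {
    pub_dir=$1
    max_age=$2
    # Refuse a missing path or a non-numeric age rather than guess.
    [ -n "$pub_dir" ] && [ -d "$pub_dir" ] || return 2
    case $max_age in ''|*[!0-9]*) return 2 ;; esac

    # -P: never follow links, so the age test and the delete apply to the
    # link itself and the protected original file is never touched.
    removed=$(find -P "$pub_dir" -mindepth 1 -type l -mmin +"$max_age" \
        -print -delete | wc -l)
    # Drop subdirectories that the purge (or anything else) left empty.
    find -P "$pub_dir" -mindepth 1 -type d -empty -delete
    echo $((removed))
}

# Example cron entry (hypothetical path and schedule):
# */15 * * * * . /usr/local/bin/purge_stale_links.sh && purge_stale_links /var/www/shop/pub 60
```

Regular files in the pub directory, such as an index or .htaccess file, are left alone because only symlinks and empty subdirectories are matched.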

  3. #3

    Re: Pub Directory Access

    Thanks for the quick reply, Dr. Byte...

    I found that even though the Download link would expire within the account, if someone had already copied the long pub link when they first accessed the file and say, sent it to another person, that same link would still work long after the download expired.

    I will look into the streaming option and weigh those pros and cons. I have zip files that are as much as 200 MB, so we'll see!

    My concern is less about full-on theft of files than it is, say, someone posting the pub link somewhere, drawing on bandwidth.

    I'll keep doing some tests, 'cause I'm not sure if that link works because it's being used by an Admin IP. I'll give the link to someone else and see if they're able to access it.

    This still was a big help, though! Thank you!

  4. #4

    Re: Pub Directory Access

    Originally Posted by vivaknievel:
        "I found that even though the Download link would expire within the account, if someone had already copied the long pub link when they first accessed the file and say, sent it to another person, that same link would still work long after the download expired."

    The old links will be invalidated the next time someone does a download by clicking on the download link in their order.
