Hi, I'm wondering how the security on the downloads folder works? I noticed in cPanel that it shows all the folders in the Zen Cart installation to be 755 mode. This includes the download folder where the digital downloads are installed. However, if you type in a link to one of the files in that folder from an internet browser, it won't open (thank god), but how is Zen Cart preventing this? Because you can, for example, go to a picture in the images folder (that has the same 755 setting) and view it from any browser directly.
Also, should we be setting the download folder to 711? I tried a bunch of different combinations, and 755 and 711 are the only ones that work for downloading files on the order page after payment is received, but I'm afraid if I change it to 711 (stops people from "reading" the files, whatever that means) then some features may not work. Should I bother changing to 711, or is the way Zen Cart prevents access to the downloads folder sufficient? Note: I noticed with 755 direct access through a browser that there is an error page where you log in, so I put my admin password in and it still didn't let me see them; it gives instead:

"Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request"


So it looks like Zen Cart is doing something with it.
But when 711 was used, I got a typical 403 Forbidden access message:


"Forbidden

You don't have permission to access /main-site/download/test.zip on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request."

I just want my site to be safe, but not mess up how it works with the downloading.