Posted 1 year ago #
Hello. Finally an eCommerce plugin with AlertPay as a payment gateway! You don't know how long I've been waiting for this!!!
However, my question is the security of digital downloads. They are kept in this folder, /dpsc_download_files/. Does the buyer get to see where the file gets downloaded after purchasing it? How can I make that folder secure so people don't steal my digital products?
Posted 1 year ago #
Hi,
You can secure the digital files by removing FTP access on the folders dpsc_download_files and dpsc_temp_download_files.
Also you can set proper file permissions on the dpsc_download_files folder, so that its only available to web-server for processing.
Posted 1 year ago #
Hehe do you know how to do this? I've tried googling this but it's not clear to me. Thanks. :)
Posted 1 year ago #
Also you can set proper file permissions on the dpsc_download_files folder, so that its only available to web-server for processing.
I'm not really sure on how you're going to achieve that.
By definition, to be able to display the picture on the website, the webserver already _has_ to be able to access the file.
Maybe you mean to disallow listing of the directory? But that is a moot point too as one would be able to crawl all posts/pages/whatever and download the pictures from there...
Posted 1 year ago #
Hi mssummer,
The digital files are stored in "/wp-content/uploads/dpsc_download_files/"
The link is generated by creating a temporary duplicate file in "/wp-content/uploads/dpsc_temp_download_files/".
So all you have to do is disable directory listing for these directory and you can password protect the "/wp-content/uploads/dpsc_download_files/" for extra precaution.
You find the steps here:
http://www.techiecorner.com/106/how-to-disable-directory-browsing-using-htaccess-apache-web-server/
http://www.openg.info/entry/making-var-www-codes-accessible-internet-apache
http://www.thesitewizard.com/apache/password-protect-directory.shtml
This topic has been closed to new replies.
