Securing your cpCommerce Downloads

As you are all aware, cpCommerce lets you attach zip files to products so the user can download the item upon completion of the purchase. With the old method, there were several ways in which a person could find the downloads directory and then gain access to all of the files you had uploaded. This has now changed.

To be clear, this method does not stop them from “finding” the download directory by sniffing the header content in the browser; rather, the whole idea is to place the download directory in a spot not accessible via Port 80. To do this, you will need a web host that gives you SSH access (though FTP access may be sufficient too).

On most web servers you have a directory called ‘www’ or ‘public_html’. These directories are the ones the web server is allowed to serve on Port 80. If you create a directory called ‘downloads’ outside of these folders, it is inaccessible from Port 80, and thus nobody with an Internet connection can get to that directory by surfing your site (please realize that if they had FTP or SSH access, they could still get to it!).

Once you make that directory and chmod it to 0777, you can move all of your current download files from the public directory to the “private” directory. Finally, you will need to update your Configuration area to tell it where the files are located. For the most part it should be self-explanatory, other than the fact that by default it will point to: /path to public or www directory/store directory/images/products/downloads/. You will want it to be: /path to your downloads directory/. An example of this path would be: /home/cpradio/downloads/

Now that you have it all configured, your download files are safe from the computer literate.
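The steps above as a shell sketch, added here as an example and not part of cpCommerce: it creates the private directory, refuses to continue if that directory resolves to somewhere inside the web root (for instance through a symlink), moves the files, and reports whether anything was left behind. The function names and every path passed to them are assumptions; substitute your host's layout.

```shell
#!/bin/sh
# Added example: relocate cpCommerce downloads outside the web root.
# Function names and argument paths are hypothetical, not cpCommerce's own.

# Resolve a directory to its physical path (follows symlinks, collapses "..").
real_dir() {
    ( cd "$1" 2>/dev/null && pwd -P )
}

# Return 0 if directory $1 is NOT inside (or equal to) web root $2.
is_outside_webroot() {
    t=$(real_dir "$1") || return 2
    w=$(real_dir "$2") || return 2
    case "$t/" in
        "$w"/*) return 1 ;;   # served by the web server
        *)      return 0 ;;
    esac
}

# Move every file from the old public directory $1 to the private
# directory $2, after checking $2 against the web root $3.
relocate_downloads() {
    old=$1 new=$2 webroot=$3
    mkdir -p "$new" || return 1
    if ! is_outside_webroot "$new" "$webroot"; then
        echo "refusing: $new is reachable through $webroot" >&2
        return 1
    fi
    chmod 0777 "$new"             # mode given in the article
    for f in "$old"/*; do
        [ -f "$f" ] || continue   # glob matched nothing, or not a file
        mv -- "$f" "$new"/ || return 1
    done
    # Succeed only if nothing remains in the web-accessible directory.
    [ -z "$(ls -A "$old")" ]
}
```

Mode 0777 is the one the article specifies; on a shared host it lets every local account write to the directory, so check whether your host's PHP user can work with a tighter mode.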

2 comments ↓

#1 Chris on 08.28.05 at 2:00 am

The forum is not showing the content of each topic when viewed.

#2 cpradio on 08.28.05 at 8:35 pm

Thanks for letting me know, it's back up.
