How do I secure my Downloads folder to prevent theft?

In a Windows hosting environment, when you create a virtual product using download attributes, customers are able to download the product as often as they like by requesting a direct URL such as: www.websitename.co.uk/download/product.zip

Download by redirect (which Windows servers usually can't provide) is much more secure than download without redirect.

However, it's true that if a user understands Zen Cart infrastructure, they could perhaps figure out how to download directly from the "downloads" folder.

Given that scenario, the following options are available:

1. Zen Cart already provides .htaccess protection for that folder. You could (and should) update that file to add the file extensions for all the types of files in your downloads folder, so that people using a browser cannot directly access any files matching those extensions. Granted, if you have redirect off, this may pose a problem. And of course, this only works if .htaccess is fully supported on your server (i.e. not on Windows hosts).

2. If you are using redirect or streaming, then moving the "downloads" folder to a place outside your webroot will prevent anyone from ever accessing the files with a browser unless they are using the Zen Cart-supplied links in their order details. This is the most secure approach. It requires physically relocating the folder and editing your configure.php files to point to the real location of your downloads folder, so that Zen Cart knows where to find the files it will be streaming to your users. This works on both Windows and Linux/Unix hosts.
See the related FAQ on "How To Relocate my Download folder outside my webroot for better security".
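
An added example, not part of Zen Cart or of this article: a Python audit script for the two options above. It lists files in the downloads folder that no deny rule covers, and checks whether the folder resolves to a location outside the webroot. It assumes the protection is written as `<FilesMatch>` blocks containing `Require all denied` or `Deny from all`, and that the extension patterns are simple enough for Python's regex engine to read them as Apache does; the directory names and sample rules are constructed.

```python
import os
import re
import tempfile
from pathlib import Path

# <FilesMatch "regex"> ... </FilesMatch> blocks and the deny directives inside them.
BLOCK_RE = re.compile(r'<FilesMatch\s+"([^"]+)"\s*>(.*?)</FilesMatch>', re.I | re.S)
DENY_RE = re.compile(r'^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$', re.I | re.M)

def is_outside_webroot(downloads_dir, webroot):
    """True if downloads_dir, with symlinks resolved, is not inside webroot."""
    d, w = Path(downloads_dir).resolve(), Path(webroot).resolve()
    return d != w and w not in d.parents

def deny_patterns(htaccess_text):
    """Compile the regex of every FilesMatch block that denies access."""
    return [re.compile(pat) for pat, body in BLOCK_RE.findall(htaccess_text)
            if DENY_RE.search(body)]

def unprotected_files(downloads_dir, htaccess_text):
    """Relative paths of files that no deny pattern matches (option 1 gaps)."""
    patterns = deny_patterns(htaccess_text)
    exposed = []
    for root, _dirs, files in os.walk(downloads_dir):
        for name in files:
            if name.startswith(".ht"):   # Apache's own control files
                continue
            if not any(p.search(name) for p in patterns):
                full = os.path.join(root, name)
                exposed.append(os.path.relpath(full, downloads_dir))
    return sorted(exposed)

if __name__ == "__main__":
    # Constructed sample: a webroot with an in-webroot download folder.
    with tempfile.TemporaryDirectory() as tmp:
        downloads = Path(tmp, "public_html", "download")
        downloads.mkdir(parents=True)
        for name in ("product.zip", "manual.pdf", "track.flac"):
            (downloads / name).write_bytes(b"sample")
        rules = '<FilesMatch "(?i)\\.(zip|pdf)$">\nRequire all denied\n</FilesMatch>\n'
        print("outside webroot:", is_outside_webroot(downloads, downloads.parent))
        print("not covered by .htaccess:", unprotected_files(downloads, rules))
```

Run it against the real folder and .htaccess text after adding new product file types; an empty list from `unprotected_files` means every file name is matched by a deny rule.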

   
Apart from securing your downloads folders/files, Zen Cart also allows only a limited number of download attempts per order, which prevents customers from sharing usable links with their friends. You can configure the counters and even reset individual downloads via the admin interface.