download page

Re: download page

If they are taken to a protected page, they shouldn't be able to get there again without purchasing again. But if they already downloaded it and have a copy - why would they download it again?

Re: download page

I don't worry about this on my site, as Beth says why would they go there again. They would also not bother to pass the address on to others as they could easily just pass the e-book on, which happens if we like it or not.

Some things are just not worth losing sleep over and this is one of them.

Don't worry about it.

Paul

Re: download page

Thank you. You are right. This isn't something I should worry about.

Re: download page

I would say the page needs to be protected as i have found pages indexed by the search engines which are meant for purchases only. A way to overcome this tho is to add the page into the robots txt but it would not stop people pasting the page address as again i have seen done before. so protection all the way i say.Normally php coding is quite good for this as you can then keep the download files out of the public_html folder by creating a download link to the file which is temporary and therefore out of reach of people who haven't paid. cubecard (found in cpanel) is quite good for this type of thing.

Re: download page

Its not in the public folder and it is a php page...........and it cannot be accessed until someone has paid.

Re: download page

ScubaDiver:

I am currently selling e-books for two of our forum members with another three in the pipline.
Visit Your Local E-Book Centre and take a look at http://e-books.bluevodaforms.com/willsinfo.html and Choose your Childs Future Health.

If you like what you see, and wish me to market your E-Book, contact me through the site contact form...............
__________________

Re: download page

I just looked at my stats and it said that the download page has been accessed 20 times. I haven't made that many sales yet. How does this happen?

Re: download page

We did quite a bit of testing, have you checked the dates ??

Re: download page

It doesn't say on what days it was accessed. I guess there is nothing I can do about it.

Re: download page

You have it protected, right? It's not just a page anyone can get and it's not a page that search engines will spider and find, right?

As to 20 times - I know I was there once, maybe twice when we were working.

Re: download page

Ok, CiCi's download page is NOT protected. It simply is the last page in a sequense of Payment - returnpage (from PayPal) with a survey form in it and finaly the download page. So, it can be accessed by anyone, if the link is available through some SE indexing.

Please note that PDF's are also indexable by Google and other SE, as long as there are links from a page to them.

The ONLY way to protect a download, is NOT having any links to it, and NOT having the file on the site. This is done by

1. Generating the link to the file dynamically: this means that a verification script is needed, that will check with PayPal the payment details, and if everything is ok, will display the link to download.
2. The file it self is NOT on the site but in the database, so it cannot be indexed or accessed by anyone if the the script doesn't display the link to it.

Downloading the file from the database with such a procedure involves also a special download script.

This is more or less the core of our Instant Download Cart (which also allowes client info tracing, order details, payment details etc. to be stored and viewed in the database)

Re: download page

Naval; I agree with some of what you say, but there are millions of sites that do NOT use databased download links.

Also if a page is protected, some people have a problem when being returned by paypal for the download.

The problem of Google can be overcome by putting NO FOLLOW in the return PHP page and the download pages, and if these download pages are not linked or published anywhere else on the site, then no problems should arise.

It is also quite easy to change the actual download page at times so that it can ONLY be accessed from the return page, and as
the return page from CICI´s payment merchant is encrypted, then no one knows where that page is.
Unless you paid to see this page, how did you know that it was a thankyou and survey page? and I dont think CICI will thank you
for making that public................

When you say that the links cannot be accessed simply because they are in a database, then that is not strictly true....There are ways and means of accessing databases without knowing the password, as you well should know.

I do agree though, that the more security you have, the better.............

yours cordially

Re: download page

Hi David, good to have an exchange of opinions.

Ok, let's see your points:

I agree with some of what you say, but there are millions of sites that do NOT use databased download links.

Yes, true. As long as it is a couple of files, then yes, that's acceptable. If you make a living by selling sogtware or images or e-books, you certainly do not leave these links in the air.

Also if a page is protected, some people have a problem when being returned by paypal for the download.

Protection in this case doesn't mean having a pass protection It means a whatever protection, usually by verifying the payment with PayPal. A simple protection, which does not require information from PayPal, is to see if the link that has led to the page, truelike. (The links from PayPal are of a certain type). This will at least protect you from amateur attempts of illegal download.

The problem of Google can be overcome by putting NO FOLLOW in the return PHP page and the download pages, and if these download pages are not linked or published anywhere else on the site, then no problems should arise.

Not 100% True (in my opinion) . I don't know how and why, but Google has found many of my "hidden" (meaning without links to them) PDF's that i uploaded on my site for my client's to access simply giving them the direct link.


It is also quite easy to change the actual download page at times so that it can ONLY be accessed from the return page, and as the return page from CICI´s payment merchant is encrypted, then no one knows where that page is.

Correct. Only that i (personally) don't like to change my return page every once in while. I prefer spending my time in other things.


Unless you paid to see this page, how did you know that it was a thankyou and survey page? and I dont think CICI will thank you for making that public................

Beacuse i have built that page. And, i didn't make the link (with that strange name) public. And, remember, CiCi is worried about his security, since the page has been accessed a number of times. I will now set it so that the page is protected (using the IDC core for this purpose).

When you say that the links cannot be accessed simply because they are in a database, then that is not strictly true....There are ways and means of accessing databases without knowing the password, as you well should know.

Yes, if you are a (good) hacker. But if American Express, with it's Fort Knox security systems, has left 1.000.000 credit card numbers to get hacked, then i suppose that we cannot talk of 100% security never.


David, please understand that i am, most of the times, speaking strictly from the technical point of view. I will also have a free version of my IDC limited to a single product, available for VH users as soon as possible. But, when it comes to sites that live from automatic downloads, then the above solutions are simply not acceptable. You need to have the links protected by a script, you need to NOT have the files stored in the site, and you need to verify that the client has paid before you can allow him to download.

Re: download page

A agree with Naval.

And, if you put nofollow or no index, that is only good when they are looking from your site.

However, once someone buys the product, if they put the link in their blog or on a forum, for example - for their friends - it now becomes a link that the se's will follow - and now when someone queries for it, it might come up in the se's and people will all get to the pdf file for free. Kind of defeats the purpose of selling a product if it's readily available free. Which any page not protected but out there will become if it's found by outside sources.