Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

Downloadable goods and security Rate Topic   - - - - -

 
  • jimbow
  • Newbie
  • Members
  • Join Date: 21-Feb 13
  • 3 posts

Posted 21 February 2013 - 02:27 AM #1

Hi

I'm new to these forums, so sorry if this has come up before, but I would not find any information in the posts or by searching.

We are wanted to distribute software electronically through cs-cart, but we want to ensure that the files will be secure and no one will be able to access them unless they have purchased them.

I know the files are stored in /var/downloads folder. How secure is this folder? We have set chmod 777 during install and I find that I can type in the url directly to the folder and see the files.

I have read that the downloads folder can be moved outside of the public_html folder, so I created a folder outside of the public_html, set chmod 777 and also edited the config.php file to point to this location, but when I try to attach a file to a product, it does not allow me to saying I do not have permisssions to write to that folder.

Any assistance on this issue would be much appreciated. Is anyone selling digital files? If so how did you implement it securely on cs-cart.

Thank you.

 
  • CS-Cart team
  • CS-Cart support team
  • Moderators
  • Join Date: 04-Apr 11
  • 3797 posts

Posted 21 February 2013 - 08:07 AM #2

Hello jimbow,

Thank you for your request.

By default, the .htaccess file is located in the var directory of your CS-Cart installation. This file will not allow you to access files in the var/downloads directory by a direct URL. If you have access to files in this directory, it seems that there is no .htaccess file in the mentioned directory or it is modified. Another reason is that .htaccess files (or some its directives) are not supported properly by your server. In this case I suggest that you should contact your server administrator and ask him/her about it. The default content of this file is the following:

Order deny,allow
Deny from all
<Files ~ "\.(js|css)$">
  order allow,deny
  allow from all
</Files>

So, until you purchase a downloadable product, you will not be able to download its files. After you purchase such product, you will be provided with a special link which will let you download the file.

I hope I have managed to answer your questions. Please let me know if you need further information.

Thank you.

---
Pavel Zyukin
CS-Cart Support team

Sincerely yours, CS-Cart Support Team

 

User guide       |  Developer documentation  |  Core API documentation


 
  • jimbow
  • Newbie
  • Members
  • Join Date: 21-Feb 13
  • 3 posts

Posted 24 February 2013 - 11:29 AM #3

Thank you Pavel,

I will look into that.

 
  • CS-Cart team
  • CS-Cart support team
  • Moderators
  • Join Date: 04-Apr 11
  • 3797 posts

Posted 28 February 2013 - 11:53 AM #4

You are welcome.

---
Pavel Zyukin
CS-Cart Support team

Sincerely yours, CS-Cart Support Team

 

User guide       |  Developer documentation  |  Core API documentation