Downloadable goods and security

Store Builder Questions
1

Hi



I’m new to these forums, so sorry if this has come up before, but I would not find any information in the posts or by searching.



We are wanted to distribute software electronically through cs-cart, but we want to ensure that the files will be secure and no one will be able to access them unless they have purchased them.



I know the files are stored in /var/downloads folder. How secure is this folder? We have set chmod 777 during install and I find that I can type in the url directly to the folder and see the files.



I have read that the downloads folder can be moved outside of the public_html folder, so I created a folder outside of the public_html, set chmod 777 and also edited the config.php file to point to this location, but when I try to attach a file to a product, it does not allow me to saying I do not have permisssions to write to that folder.



Any assistance on this issue would be much appreciated. Is anyone selling digital files? If so how did you implement it securely on cs-cart.



Thank you.

2

Hello jimbow,



Thank you for your request.



By default, the .htaccess file is located in the var directory of your CS-Cart installation. This file will not allow you to access files in the var/downloads directory by a direct URL. If you have access to files in this directory, it seems that there is no .htaccess file in the mentioned directory or it is modified. Another reason is that .htaccess files (or some its directives) are not supported properly by your server. In this case I suggest that you should contact your server administrator and ask him/her about it. The default content of this file is the following:



Order deny,allow
Deny from all

order allow,deny
allow from all





So, until you purchase a downloadable product, you will not be able to download its files. After you purchase such product, you will be provided with a special link which will let you download the file.



I hope I have managed to answer your questions. Please let me know if you need further information.



Thank you.





Pavel Zyukin

CS-Cart Support team

3

Thank you Pavel,



I will look into that.

4

You are welcome.





Pavel Zyukin

CS-Cart Support team