Our site www.viart.com site is operated by latest Viart Shop 5 with default Clear design
Topic Information
wende
wende
Ok, I'm a little frustrated! Angry I purchased ViArt (Enterprise) solely for the digital download and membership/subscription capabilities. However, I think that there is much lacking from the current version. I have content that should only be available to certain (current) subscribers and not to other subscribers. Yet in order to do so I have to trick the system by using "User Types" so that the sub is auto-recurring (via Paypal Pro). I just assumed that ViArt would do that! I bought ViArt based on the feature list, and figured that I wouldn't have to continue to manually renew subscriptions, just to give the customer payment choices. Then, there is no easy way to block content from some and not from others. For instance, my Platinum members should have access to content that is not available to my Plus members (with both being subscriptions). Furthermore, my 6 month Platinum members and 12 month Platinum members should have content differences between them as well. I can accomplish this with custom blocks for the most part, but here is where it gets even more crazy. In order to provide download links for my Platinum members (one-click NOT having to go through the whole cart system each time), I open myself up to getting all of my products stolen! Both the image and "my folder" (that holds downloads) are just waiting for someone to guess (or find via search engine) the path and download to their hearts content! Shock Chmod'ing folders/directories or .htaccess files doesn't work because then my Platinum members are blocked as well.
 
Shouldn't ViArt be more secure...especially for digital downloads?? I guess I just figured that would already be written into the code with all that ViArt can do! Try typing in your image locations in the browser address and you'll see what I mean! Anyone with half a brain can find the image or "my folder" (that holds my downloads) and download my complete product line for FREE!
 
While I AM loving what ViArt CAN do, it seems like the complete obvious has been missed! I do think ViArt is a great product, don't get me wrong, I just wish that the feature list would have been a little bit more detailed in the capabilities of the current version. So now I have to pay an additional $50 for a custom script that I think should be already included, and they state that it could take 2-4 weeks!! Wow. Maybe someone here has a suggestion? I've tried both .htaccess files and Chmod codes but my Platinum members need to have easy access to download links on each product detail page without having to go through the cart. My custom block works for this but then my site is vunerable. Any thoughts? Sad
 
W
 
TOCDCO
TOCDCO
Allowing certain user's access rights to certain sections is done by specifying what type of customer they are. Then, you can decide by product what user types and/or sites they should be able to be displayed on.
 
This way, you can allow only certain users to download certain types of products.
 
As far as downloads, why do you not send them the link in the email notification? This would allow them to click 1 link inside their email and get to the product....
 
wende
wende
Thanks so much for your reply. Yes, I've done that and it works GREAT for subscribers who PURCHASE downloads individually. However for my subs that pay for immediate access to downloads, any time, any day, for no additional charge, it does not. I have created a custom block that shows only for Platinum members on the product detail page that contains the download link of that product. However, in order for that member to download, my download folder/directory needs to be accessible by the public. So then that opens me up for anyone wishing to steal my digital product! See? Any expired member or web search could locate my folder, and download all they want. If I chmod the folder to restrict access it does so for my subscriber as well.
 
I've tried .htaccess but then the subscriber would have to input their username and password each time they want to download. My subscribers would be COMPLETELY frustrated having to either go through the cart each time, (to purchase a free product already included in their subscription) or by having to enter their username and password every time they want to download. I have over 500 downloads!
 
I know that there is a script or php code or something that can do this without revealing the folder location, restricting public access and enabling valid users download abilities. I just didn't think that I would have to ask for and certainly not pay for it in addition to the system. It's ok though - as I'm waiting for the mod to be done I'm just looking for any options that I might not have considered. Smile Any more ideas?
 
RogerS
RogerS
I also sell digital downloads, and only recently did I find out how to put my downloads in a secure place:
When you specify the download link, instead of using "http://yoursite.com/secret_folder/item" you can define it as "/home/yoursite.com/secret_folder/item". This "secret_folder" should be placed on your server at the same level as your "public_html" and "secure_html" folders - and is therefore completely hidden from browsers!
Broad grin
 
Works perfect with purchased items, but I don't know if this works with your "instant" downloads, though...
 
wende
wende
Nope, that doesn't work either. Sad It is the same as specifying the exact location. Since I'm using a custom block to show the download link to certain users (which is displayed as a "download me!" image), I've actually coded it as: /secret_folder/{item_name}.zip. That way the block will show the correct file to download, since I can't specify each link individually.
 
So using your method, I could be an expired member who could just type in the url to the download folder and items to download whatever I want. Or I could be a random person doing a search for a particular image and the search engine would find your protected image or zip and give me the location easily. Try typing in the download link (as you've described above) and you'll see that it will come right up for you. If it doesn't, PLEEEEASE let me know how you've chmod'ed or protected that particular folder.
Last modified: 4 Dec 2008 3:59 PM
 
TOCDCO
TOCDCO
Wende,
 
After reviewing what you're asking a bit more thorough, this cart product isn't for everyone. I'm thinking that you're one of the VERY FEW that this product just might now be the fit for.
 
wende
wende
Wha--?? Shock Of course it is! As I said, I am loving what it can do, I just think that it's just missing something. Any cart that can handle digital downloads should also be able to protect those downloads too, right? I think the developers may have just missed something obvious. Ya know how when one is so close to a project you don't see what is right in front of you? I think this is a good example.
 
After the money invested and all the months spent customizing the look and feel of this cart, I can't bare to even speak of starting over with yet another software product. That just will not do. I just thought that I'd put it out there to see if anyone else had any resolutions already in place for themselves. So...nobody needs to protect their folders or directories?! Wow. Maybe I AM asking for something crazy difficult after all?? Well, I guess I'll just wait for the $50 mod or look into contacting coders for hire. I most definitely will NOT start all over again. Thanks for trying anyway. Smile
 
Dave (Guest)
Dave (Guest)
Read this not sure if it helps:
 
""Apple's had some movies which seemed difficult to download.
 
I believe they were movies which opened a URL to to a second movie with the actual video content. The URL obviously isn't visible in the source, though perhaps some router log file might reveal it.
 
If the movie itself isn't self-contained, that might work too.""
 
Dave
 
wende
wende
Um... huh? Read what? I don't know
 
TOCDCO
TOCDCO
I have many downloads available on my site for purchase. Certain types of customers can see them, and certain types cannot. Certain user types can access various sites, certain ones cannot.
 
I have had no problem using ViArt's product for downloads to my customers after purchase.
 
They create the list of items they want to download, click on the cart, and process their payments. If they're free for that customer, then the cart doesn't actually ask for payment, just creates an order, at which a download link is created and expired at a certain time.
 
As far as anyone stealing my products... I really don't think this is going to happen due to two reasons.
 
1.) The links to the product are encrypted through the db so they're not distinquishable.
 
2.) They're not pulled in through browsers because my robot's file deters that, along with the fact that the file names aren't actually the name of the product... they're named by a code that I have a list of.
 
wende
wende
You're absolutely right! The system works great for purchased/free via-shopping-cart products! My monthly members are quite happy about that, as they purchase downloads individually. No problem there! As I stated before, that is NOT the problem. It is the folder containing those downloads that is not protected and therefore can't be used as product storage. Doesn't really matter what you name them, all search engines nowadays can search specifically for images and list yours in their findings. Then your product is only a click away from being...well, FREE.
 
I don't want to get into a debate about this issue, ViArt is a great product, but as with all products, improvements can be realized. What works for you may not be secure enough for me so if there are no other SIMILIAR situations, with tangible solutions out there, then the custom route (for me) is the way to go. Just thought I’d check here first…maybe, in the future, it will save someone else the time I’ve spent looking online for an answer.
 
TOCDCO
TOCDCO
I wasn't thinking of downloadable images... I was on the track of downloadable programs.
 
If it's images, I would enable the watermark feature that is included with the cart so that it cannot be stolen, and then the purchaseable product I would put into a zip file that I would name the random number in order to be prevented from being pulled out by a search engine.
 
wende
wende
Yeah...still no go. That is precisely how I have the files set up. The watermark feature works great WITHIN the product detail page. However, it is only placed ON TOP OF the image so I can still go directly to the image folder via browser and download unwatermarked images. Try it, you'll see. I can also put my own watermark on the image itself before uploading, which is fine, but my images are views of the final purchaseable product, not the actual downloadable, image itself. So it's fine if someone wants to steal that image, they can't actually use it for the purpose intended. For example: I sell a collection of individual images placed in themed kits for use on say, scrapbook pages. I've got image1, image2, image3 and image4 all bundled up into mytheme.zip. So the cart view of this kit would be all of the images together arranged and layered in low resolution to resemble what looks like a box you can pull off the shelf. Follow me? So even if someone steals that preview, it doesn't matter because they can't actually USE the images.
 
In addition, I've got all of my kits (which are my purchaseable products) in individual themed zip files, placed within the folder I'm trying to protect. No matter what I name them, they are still accessible. For instance, say I'm Platinum member "A" who has a current sub and therefore is shown the custom block containing the download link. The download link itself is in the form of a picture that reads: "download me!", instead of the file path showing. When I click on that image, I get a download popup box that temporarily shows the path until I click save. A few months later, my sub expires and I no longer have access to the custom block. However, during my time of downloading freely, I noticed the name pattern of each file, for instance birthdays01.zip, birthdays02.zip, birthdays03.zip. So the logical thing would be to open up any browser, type "www.hersite.com/imageorcontentsorprivateorwhatever/birthdays04.zip, and guess what pops up. Search engines, same thing. While many people wouldn't do something like that, there are many who will. It's sort of like going to the mall and telling them not to lock the doors at night. Some may see that they aren't open and turn around, and some will pull the door anyway.
Last modified: 5 Dec 2008 4:32 PM
 
RogerS
RogerS
I may not be computer savvy enough... is it really possible to type an URL to a folder placed outside of the website domain? I use a folder I believe is completely invisible to browsers:
-- public_html
-- -- here is the website files http://yourdomain.com/
-- secure_html
-- -- here is the secured website files https://yourdomain.com/
-- secret_folder
-- -- here are the files completely hidden!
The only way to access these files is through the address in the ViArt database formatted like /home/yourdomain.com/secret_folder/item. ViArt access these files through encrypted php (download.php)
 
Can this folder really be accessed by typing an URL in a browser? How?
I don't know
 
It still doesn't solve your "direct downloads" - unless you manage to format the download link to use the download.php script somehow...
 
Last modified: 5 Dec 2008 9:14 PM