HomeHome Product Discus... Product Discus...SmithCartSmithCartDownloadable products and URL securityDownloadable products and URL security
Previous
 
Next
New Post
7/29/2010 12:09 AM
 

Hallo Experts,

I am testing your webshop and my first impression is very well because it has a good user experience.

Now I have a question about downloadable products and URL security.

In your user guide on site 86 you mentioned that the download link on the confirmation page is secure.

But when I press the download now button a popwindow (browser window) and the save dialog appears, where the user can see the url.

See following Screenshot:

http://picasaweb.google.at/1129447218...

Please tell me, how to hide the real url?

Must I use Gatekeeper?

Many thanks in advance

best regards

John

 
New Post
7/29/2010 7:49 AM
 

I am a little confused:

In the browser source code editor I can found following code:

input ... window.open(Location of download)

In your manual you are mentioned that the product download url is not visible beginning with version 2.66

How does the real behaviour and the text in user manual fits together?

The testversion I have installed has version 2.97.0

Please let me know, whats wrong

 
New Post
7/29/2010 5:17 PM
 

The download url is populated in server side code when the user clicks the download button on the confirmation page so the download url is hidden when the user hovers or right clicks on the button (the way most people know to get a url) but after the user clicks the button unfortunately the latest browser versions don't allow url masking anymore as its considered a security risk to allow url masking/hiding. The cart server side code does a window.open and we have added the parameters 'resizable=no,toolbar=no,menubar=no,location=no,status=no' but ie8 and the latest broswers ignore it. The browser window that pops up when you click the download now button is only visible for a second before the dialog box is displayed to download the file so the user wouldnt be able to cut and paste the url. Here are a couple posts on it:

http://www.dotnetspider.com/forum/238...

http://www.coderanch.com/t/118289/HTM...

The Gatekeeper download manager for Smith Cart was specifically developed to fully secure your soft products. Here is more info on the gatekeeper

Smith Cart Electronic Downloads Gatekeeper Manual v1.01

Buy Gatekeeper Online

-Scott


Scott Kelly
Project Manager
DotNetNuke Consulting, DotNetNuke Store and DNN Ecommerce
 
New Post
8/4/2010 3:45 PM
 

I had one other idea on how you could fully secure your downloadable products without purchasing our gatekeeper program. Using the DNN file manager create a "Secure File System" folder to store your electronic products. The files within this directory will have .resources appended to the filename. The secure file system prevents hackers from downloading your soft goods directly using a browser as IIS and Asp.Net will not allow .resources files from being downloaded.

In order to generate the download link for your soft goods that you have secured using the secure file system you need to utilize the DNN LinkClick.aspx file processor to serve the file up which makes it possible for you to set the file view permissions to restrict the viewing to just authenticated users or any other selected role. Once you generate the DNN linkclick url just cut and paste the url to the download url field in the Smith Cart product setup screen and your electronic products will be fully protected.

Step by Step Instructions:

  1. From the dnn admin menu - file manager navigate to your portal root and enter a folder name in the "Folders" field
  2. Select the option "Secure - File System" from the folders dropdown list and click the "Add folder" button
  3. Using dnn file manager upload or copy your downloadable product files to your new secure folder you just created
  4. Go to any dnn page and from an html module click the hyperlink icon from the rich text editor and create a file system link to the file in your secure folder.
  5. DNN will create a secure linkclick url
  6. Copy and paste the link click url to your clipboard or notepad
  7. Go to the Smith Cart product setup screen for your downloadable product that you want to secure
  8. Paste the linkclick generated in step 6 in front of the full url to your portal root. It should look something like this:

http://www.yourdomain.com/Portals/[yourPortalRoot]/Products/LinkClick.aspx?fileticket=0NI7XZREIeB0%3c&tabid=114


Scott Kelly
Project Manager
DotNetNuke Consulting, DotNetNuke Store and DNN Ecommerce
 
New Post
8/15/2010 11:06 PM
 

Many thanks for your hint.

I could not reproduce step no. 4.

In DNN (Version 5.4.4) the link button has only the option to insert document links.

And the document manager shows the secured path but not the secured file.

My suggestion is: Why do you not offer this as feature in a new cart version?

I think this steps could be done through code?

I could do this steps, but could my customer do this, if he inserted his product?

Another suggestion is: if you buy the cart and the gatekeeper to secure files, you should get a special price.

Many thanks in advance

 
Previous
 
Next
HomeHome Product Discus... Product Discus...SmithCartSmithCartDownloadable products and URL securityDownloadable products and URL security