Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

How secure are the encrypted links for digital downloads
 
brucehere
Jr. Member
 
Total Posts:  7
Joined:  2008-10-31
 

I recently changed one of my .htaccess files from \"Order deny,allow
Deny from all\” to \"Order deny,allow
Allow from all\”

This was inside the media/downloadable folder.

I had to do this as it was mentioned in the another thread http://www.magentocommerce.com/boards/viewthread/31702/ as being the main reason i couldn\’t download files when putting in a custom url into the fieldname instead of uploading the download itself within the admin interface (which did work).

When I use the upload file method within magento it works perfect and i can’t access the file by putting in the file location manually into my browser.
However when I link to the file that I have ftp’d up, and since the “allow from all” has been setup, i can access the file straight away by putting in its location on the server…
I know it encrypts a special url when a customer downloads, I’m just a bit scared in case some hacker gets to the files which are actually quite easy to get.

Should I be worried about this?

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top