Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email

Magento Forum

How secure are the encrypted links for digital downloads
Jr. Member
Total Posts:  7
Joined:  2008-10-31

I recently changed one of my .htaccess files from \"Order deny,allow
Deny from all\” to \"Order deny,allow
Allow from all\”

This was inside the media/downloadable folder.

I had to do this as it was mentioned in the another thread as being the main reason i couldn\’t download files when putting in a custom url into the fieldname instead of uploading the download itself within the admin interface (which did work).

When I use the upload file method within magento it works perfect and i can’t access the file by putting in the file location manually into my browser.
However when I link to the file that I have ftp’d up, and since the “allow from all” has been setup, i can access the file straight away by putting in its location on the server…
I know it encrypts a special url when a customer downloads, I’m just a bit scared in case some hacker gets to the files which are actually quite easy to get.

Should I be worried about this?

Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top