Don't give anyone a direct link to the secured content but instead
generate a unique serial number and give them a link to a handler with
the serial number.

getContent.cfm?serial=91080981

And then let people download with each serial number only once.  If they
go to the URL a second time, display a message saying the file has
already been downloaded.

Of course you'll have to deal with issues where a customer needs to
download it a second time legitimately, such as an error during the
initial download.  But this will get you started.

HTH,

Sam


> -----Original Message-----
> From: Double Down, Inc. [mailto:[EMAIL PROTECTED]] 
> Sent: Monday, January 20, 2003 6:46 PM
> To: CF-Talk
> Subject: Security Issue With PayPal & CF
> 
> 
> Here is a problem I am having that I would like to hear some 
> people's thoughts and ideas on.
> 
> I am setting up a site where a person will be able to 
> download a file once they have paid for it by using PayPal as 
> my processor. Problem I am having is one of security. I do 
> not want to give any information in the return URL for fear 
> that people will be able to bypass it by using that 
> information. I am also not sure if session variables will 
> work since the person will be leaving my site to go to PayPal 
> to fill out the payment info, before coming back to mine.
> 
> If anyone has any ideas or suggestions, I would like to hear 
> them. Need to get this problem solved fast.
> 
> TIA
> 
> DDINC 
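
The single-use serial scheme from the reply above, as an added example that is not part of the original thread: a Python/SQLite sketch rather than ColdFusion, in which the table layout, function names and the order and file identifiers are assumptions. It issues a random serial instead of a short number, claims it with a single UPDATE so two simultaneous requests cannot both succeed, and covers the legitimate second download by retiring the old serial and issuing a new one.

```python
import secrets
import sqlite3

# Constructed schema: one row per issued serial, tied to a paid order.
SCHEMA = """CREATE TABLE downloads (
    serial   TEXT PRIMARY KEY,
    order_id TEXT NOT NULL,
    file_id  TEXT NOT NULL,
    used     INTEGER NOT NULL DEFAULT 0)"""

def open_store():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db

def issue_serial(db, order_id, file_id):
    """Call only after payment for order_id has been confirmed server-side."""
    serial = secrets.token_urlsafe(16)  # 128 random bits: not sequential, not guessable
    with db:
        db.execute("INSERT INTO downloads (serial, order_id, file_id) VALUES (?, ?, ?)",
                   (serial, order_id, file_id))
    return serial

def redeem(db, serial):
    """Return the file_id to stream, or None if the serial is unknown or already used."""
    with db:
        # One UPDATE claims the serial atomically, so two simultaneous
        # requests cannot both observe used = 0.
        cur = db.execute("UPDATE downloads SET used = 1 WHERE serial = ? AND used = 0",
                         (serial,))
        if cur.rowcount != 1:
            return None
        row = db.execute("SELECT file_id FROM downloads WHERE serial = ?",
                         (serial,)).fetchone()
    return row[0]

def reissue(db, old_serial):
    """Support path for a failed download: retire the old serial, issue a new one."""
    row = db.execute("SELECT order_id, file_id FROM downloads WHERE serial = ?",
                     (old_serial,)).fetchone()
    if row is None:
        return None
    with db:
        db.execute("UPDATE downloads SET used = 1 WHERE serial = ?", (old_serial,))
    return issue_serial(db, row[0], row[1])
```

The handler would serve the file from a location outside the web root only when `redeem` returns a file id, and show the "already downloaded" message otherwise.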

