hi there, i am currently developing a music download site and i was wondering how others have overcome a few possible security issues
The main problem is someone finding out the url of the tracks they are donwloading, then downloading them using a downlaod manager OK, i have thoguht of a few options, what do you think? #option 1 when a user places an order, their tracks are picked out from the 'library', and put into a zip, then a new folder is created as follows /orders/#uuid#/#ordernumber#/newzipofmusic.zip then when a user comes to donwload their song, they click on download, then download.cfc queries db, gets order uuid, using userid and order id, and returns zip file to the user. there is no way for the user to guess the folder names and odnwlaod other music orders this could work, though my issue here is that the same track will be on the server x amount if times, and will soon fill the servers hard disk. #option 2 is for the tracks to be stored in the 'library', then when a user wants to download the order, the db is queried, and the zip file created at runtime to temp folder, and returned to the user. a concern here, that when are the zip files deleted from this folder. Also, the files will have to be called #ordernumber#.zip, so a user again could potentially add urls to their donwload manager and donwlaod them. would zipping files at runtime liek this be intense on server processing?. my thoughst are yes #option 3 there is no option 3 at the moment, i would be greatful in hearing how others have tackled this sort of site many thanks jamo --- You are currently subscribed to cfaussie as: [email protected] To unsubscribe send a blank email to [EMAIL PROTECTED] Aussie Macromedia Developers: http://lists.daemon.com.au/
