On Mar 9, 2006, at 6:57 PM, Marty Knapp wrote:
I'm wanting to set up a situation where people can download an
update of my program via a "download update" menu script, but keep
the URL from being known. I was tinkering with the revGoURL ftp
route, but my username and password show up in the browser history,
which is, of course, not good!
I've been reading the docs about all the URL stuff. I took a look
at the Tutorials from So Smart Software and I'm getting more, not
less confused. It seems like there's a lot of options, though the
difference between them isn't clear to me yet. Basically I need to
protect myself from people just downloading the software who
haven't paid, but make it easy for those who have paid to download
the latest version. Because it's a low-dollar item I can't afford
to be manually processing stuff - I want my computer & web site to
take care of 99% (that's why they made computers - right!?).
There are two things to consider. FTP is pretty open. If you give
someone the FTP URL, that IS the FTP URL. It is pretty difficult to
hide that URL. So whatever you do, you have to assume that payees and
non-payees will see the URL.
My suggestion is that you have a web page that is public that
contains some static data. Your app would query that as it's download
update. There would be the latest version number in plain text and
some other data that is encrypted. Your app would decrypt the
download data (if it is the paid version assuming there is a
difference between paid and unpaid) and the decrypted data would have
some obscure URL. It would go to the obscure URL to actually download
the latest version. The unpaid version would not be able to decrypt
the information and would thus not be able to see the obscure
download URL. Maybe once a week, move the latest version to another
location and alter the static file to match.
You could have the FTP server require a login with their reg code as
either their user name or their password. I think you could add bad
reg codes to the list on the FTP server and reject them, preventing
them from downloading. I think you can do that in the .htaccess file
on the FTP server.
Summary:
1. have there be a difference between paid and unpaid copies.
2. use that difference to decode a static web page that has the
latest version URL encrypted on it.
3. use the FTP server permissions to prevent pirated reg codes from
getting upgrades.
Kee Nethery
_______________________________________________
use-revolution mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
