cherosoullis VIP
Total posts: 165
12 Май 2014 21:20

Since I am not that exprert I was wantering how secure is Pay to download field. We have the option to specify subfoler. Shouldn't the folder be placed outside our side root for security reasons. Is this possible and if yes what we should enter as a value in specific subfolter?

Thanks in advance.

Последние изменения: 13 Май 2014


Sergey
Total posts: 13,748
13 Май 2014 05:22

It is absolutely secure. This was a whole purpose of the field, to provide secure file storage.

Files are stored with encoded names and those names are never displaied to anyone. So user do not know how to create direct URL to file. And even if he knows, you should protect that folder with htaccess and forbid any file direct access.

<Filesmatch ".*">
order deny,allow
deny from all
</Filesmatch>

And files will be availale only through index.php which fully control to send file or not depending if user purchased or not.

Работает на Cobalt