MarketPress product downloads. Can you disable direct access to original uploaded files?

I uploaded a PDF which will be sold on my MarketPress site. It resides here on my server:
http://www.example.com/wp-content/uploads/2013/03/My_PDF.pdf

Once someone purchases the product, they are given this link like this to download:
http://www.example.com/store/products/book-1/?orderid=fa71699fcbfa

The unique URL for the order works great but I am a little concerned that the original file is still accessible *if* someone has the direct link. I know it's not likely but I am curious if there is any way to lock this down?

Thanks

  • aecnu
    • WP Unicorn

    Greetings brightfire,

    Thank you for the great question.

    The unique URL for the order works great but I am a little concerned that the original file is still accessible *if* someone has the direct link. I know it's not likely but I am curious if there is any way to lock this down?

    I must admit that it will be highly unlikely they could ever figure out the URL without the ability to browse the directories which indeed some hosts do not stop.

    With that in mind an htaccess can prevent directory browsing of your hosting account if indeed it is allowed: Options All -Indexes

    That will certainly put the hurt on them guessing the download area and also add something to each file name like My_PDF001045.pdf for example making it even more difficult and just short of impossible to get the files exact name.

    That should do the job for you.

    Thank you for being a WPMU DEV Community Member and have a GREAT upcoming weekend!

    Cheers, Joe

  • aecnu
    • WP Unicorn

    Greetings hpidriver,

    That is indeed a great question and one would need to test it out to see if in fact there is an issue - however, though I am completely aware of this method long before ever hearing about WPMU DEV, it can be complicated for users to figure out and actually cause more issues.

    Have you indeed tested this out?

    For those interested in testing this the download URL would be in a format similar to this:
    http://username:password@domainname.com/path/filename.zip

    Please advise.

    Cheers, Joe

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.