So, I just ran into this problem, when I thought everything

So, I just ran into this problem, when I thought everything was all set and secure as it can be. We're selling PDF comics and magazines. If someone buys one, and their browser is set up to display a PDF in it...when they "Download" the product, it then shows up in their browser with the exact URL of the product...which they can then copy and paste and share with everyone. I know this cause someone tweeted the URL to our latest issue, then asked how they found out the URL - because I was sure we were set up that download links do not show the actual URL of the downloadable product.

They were nice and let me know that that was how it got delivered to them...it opened in a new tab in their browser instead of downloading as a file. So I tested this, turned on a plug in in my browser so it can open pdf files in the browser, and boom, there it was, the URL of the product...and the PDF looked great in the browser as well, but...if we wanted people to just read it....free....I'm sure you see the problem clearly.

How do we assure that this never ever ever happens????

  • Patrick

    Hi there @AIPman1

    I hope you're well today!

    If someone knows the exact URL to the product download, there's really not much MarketPress can do to prevent them from getting the download, except for limiting how many times the thing can be downloaded.

    You can set the download limit under Products > Store Settings > Miscellaneous Settings.

    I hope this helps! And thanks for being a member :slight_smile:

  • AIPman1

    Did you actually understand what I am saying? People can easily find out that URL and tell everyone in the world what it is, if the PDF can open in a browser instead of downloading as a file. Which is exactly what happened. If THAT can't be fixed, then there is no sense having PDF downloads at all..and changing them all to be in a zip file, people do not want to buy zip files. there has to be another solution to this or using marketpress to sell publications is a 100% waste of time.

    if people can find out the URL of the purchased PDF, they can share it, plain and simple. If there is no way to prevent a PDF from being viewed in a browser window, then anyone can pirate the URLs by buying one copy, viewing it for the URL, then sharing it.

  • Sajid

    Hi @AIPman1

    Hope you are doing good today :slight_smile:

    I got your point and I am flagging developer to get their invaluable feedback on this matter.

    Also we are working on MarketPress 3.0 that will be out really soon with lots of bug fixes and cool features.

    If you want to get the glimpse of what it will have then you can try our beta2 release. But we do not recommend to use it on production/live sites until the stable version will be released. However you can test it out on your dev/staging site for testing purposes.

    You can download it from our announcements thread.
    https://premium.wpmudev.org/forums/topic/the-next-super-fantastic-marketpress-30-beta-is-here

    Take care and have a nice weekend :slight_smile:

    Cheers, Sajid

  • AIPman1

    Yea, aware of the upcoming release. However, I actually found the solution to this problem over the weekend, and it's as simple as adding an .htaccess file to the folder you want to keep people from opening the files from to force the download. I just was able to test this and it works.

    this is what to put in the .htaccess file (adjust for whatever file extensions you need.)
    AddType application/octet-stream .avi .mpg .mov .pdf .xls .mp4

    the behavior I have described is not a bug, it is not a feature that will be added to anything...but the information on how to protect your download folder so that people who have PDF viewing turned on in their browser, can be forced to download the PDF so they can't see the URL of the product and then share it...should be in the set up notes of your shopping cart - this needs to be stressed so that people know how to protect their content.

  • Sajid

    Hi @AIPman1

    Hope you are doing good today :slight_smile:

    Thanks for sharing the solution with community. We will try to add this feature in upcoming release so members should not add it in .htaccess.

    I will also flag usage writer to add this instructions on project page too. So other members can use this code to prevent opening files in browser.

    Take care and have a nice day :slight_smile:

    Cheers, Sajid

  • AIPman1

    Cool, and another point on it: Many people like to put their downloads into folders outside the normal structure of Wordpress, as I do. Any feature added that would accomplish this without adding an .htaccess to a folder, would need to be able to name and protect ANY folder the store owner designated. For me, I use multiple ones...to keep my titles and supplier companies, organized. But for now, the .htaccess method and protection, you guys should let your whole community know, maybe in an article or such, that if they sell download products and DO NOT do this, then right now, ANYONE with PDF viewing on in their browser, is currently able to see their URL to their products. This protection is THAT important to anyone selling digital downloads.

  • Sajid

    Hi @AIPman1

    Hope you are doing good today :slight_smile:

    Thanks for your bringing this into our attention. I am passing this information to my senior colleague to take necessary steps.

    Also you can make separate ticket for each feature request and post in Features and Feedback forum. We always appreciate feedbacks from our valuable members of community.

    Take care and have a nice day :slight_smile:

    Cheers, Sajid

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.