Sign in to follow this  
Followers 0
Pottery

Secure downloads

7 posts in this topic

Is there any way to make downloads more secure? I'm making a downloader for my website so that I don't have to sit there and send the files to people after they paid for them and then again if they lose the file or need to re-download it for some reason. I'm worried about the link though, if someone were to get their hands on the source code they would find the link.. so is there any way to do this differently?

On the GUI, you have to type in a special code given to you after the payment and it would download from http://example.net/files/yourkeyhere. So is there any more secure way of attempting this?

Share this post


Link to post
Share on other sites



you could write a registry key on the first run of the program, then at any point if they need to redownload it, it could compare the registry to the link, if they don't match or the key is not present, then someone is trying to cheat.

However, if for some reason someone buys a new computer and formats, then the registry key is gone.

Maybe it is something to build on though?


010101000110100001101001011100110010000001101001011100110010000

001101101011110010010000001110011011010010110011100100001

My Android cat and mouse game
https://play.google.com/store/apps/details?id=com.KaosVisions.WhiskersNSqueek

We're gonna need another Timmy!

Share this post


Link to post
Share on other sites

you could write a registry key on the first run of the program, then at any point if they need to redownload it, it could compare the registry to the link, if they don't match or the key is not present, then someone is trying to cheat.

However, if for some reason someone buys a new computer and formats, then the registry key is gone.

Maybe it is something to build on though?

If they decompile it the link would still be visible though :S

I was thinking maybe use a unique key as a password for the file download, not sure how that would work though.

Share this post


Link to post
Share on other sites

Furthering that idea, is it possible to password protect a file download; for example requiring a password when you go to http://example.net/files/something.exe?

Share this post


Link to post
Share on other sites

There are so many things you can do to try and protect, but the problem will always persist. Even multi-million $ software companies lose out to pirates.

You could compress the exe into a password protected rar or zip file

You could have a password protected website

you could make a combination of many types, but the more hoops people will have to jump through just to get the software, the less likely they will follow through.


010101000110100001101001011100110010000001101001011100110010000

001101101011110010010000001110011011010010110011100100001

My Android cat and mouse game
https://play.google.com/store/apps/details?id=com.KaosVisions.WhiskersNSqueek

We're gonna need another Timmy!

Share this post


Link to post
Share on other sites

I found a way where cracking the client won't do anything, thanks for your suggestions ;).

Share this post


Link to post
Share on other sites

I guess this would be a task for php ;). Password protect the download directory with .htaccess. Dynamically add the users to the .htpasswd file, use the users Email address as the username. This way you can track if a certain user suddenly downloads the file 100 times from different IP-Addresses and kindly ask em how this could happen :)...

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0