Secure downloads

[Pottery]

Is there any way to make downloads more secure? I'm making a downloader for my website so that I don't have to sit there and send the files to people after they paid for them and then again if they lose the file or need to re-download it for some reason. I'm worried about the link though, if someone were to get their hands on the source code they would find the link.. so is there any way to do this differently?

On the GUI, you have to type in a special code given to you after the payment and it would download from http://example.net/files/yourkeyhere. So is there any more secure way of attempting this?

[kaotkbliss]

you could write a registry key on the first run of the program, then at any point if they need to redownload it, it could compare the registry to the link, if they don't match or the key is not present, then someone is trying to cheat.

However, if for some reason someone buys a new computer and formats, then the registry key is gone.

Maybe it is something to build on though?

[Pottery]

you could write a registry key on the first run of the program, then at any point if they need to redownload it, it could compare the registry to the link, if they don't match or the key is not present, then someone is trying to cheat.

However, if for some reason someone buys a new computer and formats, then the registry key is gone.

Maybe it is something to build on though?

If they decompile it the link would still be visible though :S

I was thinking maybe use a unique key as a password for the file download, not sure how that would work though.

[Pottery]

Furthering that idea, is it possible to password protect a file download; for example requiring a password when you go to http://example.net/files/something.exe?

[kaotkbliss]

There are so many things you can do to try and protect, but the problem will always persist. Even multi-million $ software companies lose out to pirates.

You could compress the exe into a password protected rar or zip file

You could have a password protected website

you could make a combination of many types, but the more hoops people will have to jump through just to get the software, the less likely they will follow through.

[Pottery]

I found a way where cracking the client won't do anything, thanks for your suggestions .

[KaFu]

I guess this would be a task for php . Password protect the download directory with .htaccess. Dynamically add the users to the .htpasswd file, use the users Email address as the username. This way you can track if a certain user suddenly downloads the file 100 times from different IP-Addresses and kindly ask em how this could happen ...