[ic] Downloadable softgoods - my solution

Russell Mann tech at khouse.org
Mon Jul 14 13:29:26 EDT 2003

> >Products DB has a field 'download_files' which has a space
> delimited list of
> >the files found in /download_dir/<SKU>/*
> >
> Why require the product-admin to type in a big list of files? Presumably
> any file in the SKU/ directory is downloadable. In my implementation
> (which was an extra-interchange PERL script), anything, including
> subdirectories are allowed. My customer needed to deliver chapters of
> manuals, each with MPEGs an JPGs that were numerous enough that they
> needed to be in subdirectories to be manageable. Just be sure your
> implemenatation doesn't allow them to put in "../" in any applicable
> data fields :)

I don't want to allow open Indexes.  This would compromise security on the
products.  Do you have open indexes for this solution?

> That's a pretty good idea, though I wonder whether it is necessary.
> (Maybe it is for your implemenation and not mine?) In mine, since I'm
> going through the PERL script I simply pipe the files they want out to
> the browser prepended with "Content-type: < guess_media_type() >".. All
> control access to the file is through the script. The user never
> actually accesses the file directly. Besides, the documents aren't in
> the WWW nor <StoreName> directories so in theory they wouldn't be able
> to get access any other way (/Please/ correct me if I'm wrong in this
> assumption!).

For my implementation, the person downloads the file directly via an HTTP
connection through Apache, which is due to the download server being
different than the IC server.

> I'm curious as to whether anyone has ideas for how to tell when a file
> has been successfully downloaded. e.g. What if they download it and
> their computer freezes up? How can the session let me know the download
> failed? Or more importantly, succeeded? That way I don't have to give
> them this open-ended window of infinite downloads for X amount of time.

That's why I give users a 7 day window.  A few customers have emailed
because they couldn't get it in this amount of time, so all I have to do is
go in the user_downloads DB and de-select the "flag_key_created" tinyint
checkbox.  Then when the user logs in again, the symlink is recreated and
they have 7 more days.



More information about the interchange-users mailing list