[ic] Downloadable softgoods - my solution

Gabriel Cooper gabriel.cooper at mediapulse.com
Mon Jul 14 17:00:28 EDT 2003

Russell Mann wrote:

>I don't want to allow open Indexes.  This would compromise security on the
>products.  Do you have open indexes for this solution?
I do a PERL readdir() to grab the list of files in the directory then 
pump them out as links on a generated HTML page. Either way (yours, 
where the list is compiled or mine, where the list is generated) they 
still know the filename. The important thing is that they can't do 
anything with that information.

Though, even if the user knew the exact path to the document (which the 
user doesn't, in either case), how would he get access to it without 
logging in and thus validating himself? e.g. if you knew the file was 
physically located in 
/home/sites/mysite.com/digitaldocs/sku123/my_secure_document.doc, how 
would you get to it illegitimately?

More information about the interchange-users mailing list