Best way to secure digital downloads?
Posted: Wed Jan 13, 2010 9:24 pm
What is the best way to secure access to digital files that you would like to make available for download like if you were selling a digital file (like a video) from your website?
My current implementation is this:
1) Someone buys my video
2) The buyer gets a url like this: http://www.mysite.com/download.php?token=<token>
3) The download.php script verifies that the given token is valid and that the max number of downloads using the given token is less than the max allowed (3 downloads).
4) The download.php script sets the header() to force a download then reads the video file from a non-web accessible folder on the server and echos the binary data out to the browser.
The problems I have with this are:
1) If the video file is large, the PHP script can run out of memory reading in the video file
2) If the video file is large and takes a long time to download the PHP script can time out before the download completes.
Rather than reading in the video file and echoing out the data to the browser, I could just put the video file in a web accessible folder and redirect the buyer to it. But the problems I have with that are:
1) A url like http://www.mysite.com/product/myVideo.mov does not always force a download and sometimes just plays in the browser
2) Someone could book mark the url and download the video as many times as they want or pass the link on to other people.
Are there any other solutions? What is the best way to secure a digital download, especially for large files? Thanks for the help!
My current implementation is this:
1) Someone buys my video
2) The buyer gets a url like this: http://www.mysite.com/download.php?token=<token>
3) The download.php script verifies that the given token is valid and that the max number of downloads using the given token is less than the max allowed (3 downloads).
4) The download.php script sets the header() to force a download then reads the video file from a non-web accessible folder on the server and echos the binary data out to the browser.
The problems I have with this are:
1) If the video file is large, the PHP script can run out of memory reading in the video file
2) If the video file is large and takes a long time to download the PHP script can time out before the download completes.
Rather than reading in the video file and echoing out the data to the browser, I could just put the video file in a web accessible folder and redirect the buyer to it. But the problems I have with that are:
1) A url like http://www.mysite.com/product/myVideo.mov does not always force a download and sometimes just plays in the browser
2) Someone could book mark the url and download the video as many times as they want or pass the link on to other people.
Are there any other solutions? What is the best way to secure a digital download, especially for large files? Thanks for the help!