Page 1 of 1

Downloadable Applications

Posted: Fri Jun 24, 2005 10:43 am
by Crashin
I am building a shopping cart from the ground up for the software company I work for. Among other things that will be available in our store will be our software applications. Up to now we've shipped all of our apps. on CDs, however we want to implement a system where users will be able to download the software directly from our site upon purchasing. Does anyone have any experience with developing a system like this? I'm not looking for code, but rather a high-level discussion of the best practices for implementing such a system, in terms of security and pitfalls that may have been encountered by others during their development experience.

Any ideas/thoughts are greatly appreciated!

Posted: Fri Jun 24, 2005 10:54 am
by timvw
Apart from the selling system you have already there isn't much you need to add.

Things to consider:

How long is the customer allowed to download the file?
What happens if the download fails?
How many times is he allowed to (re)try downloading?

Posted: Fri Jun 24, 2005 11:06 am
by Chris Corbyn
Well there are other things to take into account such as where will the files be stored?
How can you make sure that people don't share links to the files?

... uhmmm... my mind gone blank but there's plenty to consider.

Posted: Fri Jun 24, 2005 11:17 am
by Crashin
Thanks for your thoughts, timvw. I've already given thought to the first and third questions you presented, and the "powers that be" here are leaning toward a download limit as opposed to a time limit. I wanted to use both, but it was decided that the customers should be able to download in their own timeframe. So, I lost that argument.

I hadn't considered downloads failing, though. Our applications are fairly small in size (< 10 MB), so in my mind the frequency of download failure likely isn't going to be high enough such that download resumption would need to be included. HOWEVER, I think it would be best to add it if it didn't add significantly to development time.

So, my more specific questions right now are:

1. Are there any popular methods for protecting/hiding the location of the file to be downloaded? Obviously, I don't want to simply redirect the user to the file upon validating that they should be allowed to download it (no link sharing, you naughty user, you!).
2. Are there any popular methods for file download resumption upon failure? (Thanks, timvw!)