Restricting file downloads

I’m confused about the correct way to “protect” file download links when presented in a specific post/page sald via a paypal button.

I’ve created my first of these buttons and the first sale came in just now. I’d tested everything w/success yesterday but the customer irately explained that none of the download links worked.

I had placed links to files within the S2 member protected directory — and when i did my testing i was logged-in so…

Now, i’ve moved the files to a public folder and all is ok, but obviously this makes it too easy for anyone to just copy the download url and be gone.

Am I missing something, or is there no security at all on such lnon-member access pages?

your public folder can be protected with a compliant .htaccess file in the folder.

Hello James,

I’m kind of confused as to what you want to achieve. :/
Basically you want to offer file downloads in posts/pages that are protected with s2Member’s specific post/page restrictions?

And you only want them to download the file if they have access to that specific post/page right?

– Eduan

I want to be able to offer restricted page access as well as make it less EASY for the person buying to share the download link with the world.

In other words: The specific page/post is a url that expires — i thought that the url to anything linked as a download would be as well. That’s why I assumed I could link from within the s2member folder.

I realize that even if the download url were to expire, the customer could still download the item and post on the internet for all-time — but that is much more difficult than simply giving away the url to the customer — a url that will work as long as the file is on the server.

I guess I don’t get what the point is of restricting page access if the url to the downloadable — the main thing one wants to “restrict” is simply given away.

Well I guess this was not too well received ;-)

Sorry for the criticism guys — it’s just that the specific page/post option is really only good for selling just that: an article. I think it’s a bad idea to promote it in the s2member docs as “a great way” to present purchased downloads.

The wise thing to do is simply make the page protected via standard access restriction ;-)

The wise thing to do is simply make the page protected via standard access restriction ;-)

Yes, for this specific instance, you will want to just use Level Access Restrictions, or Custom Capability Access Restrictions. You can sell these and Users cannot share links to restricted content without sharing login details. But then again, what’s to prevent Users from sharing access that way, other than s2Member’s IP Restrictions (if you have them set up)?

You could use either method, but if you’re already having Members sign up, it would (most likely) be simpler to use Custom Capabilities or Level Access Restrictions.

Thanks Bruce — I just wanted to make sure i wasn;t using the special post/page feature incorrectly (ie, newbie).

I’m doing it with caps now.

The name of the game is UN-facilitating sharing of content — making it less convenient. Studies show that people are far less apt to share when they need to lend a password or zip and ftp a file etc.

I would love to see an s2m feature that issues an expiring scrambled link to something within the protected files folder!

~J

I would love to see an s2m feature that issues an expiring scrambled link to something within the protected files folder!

I’ll put this in a vote for this in the future. I believe there may already be something like this in the works. :-)