Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Selling Files: Keeping the File Location Secret

Status
Not open for further replies.
RustyMason

RustyMason

Programmer
Dec 14, 2000
4
0
0
US
I have a site that I want to sell files (.pdf, .doc, etc.) from. All of the solutions I've tried so far expose the file's URL. But, I want to hide the actual location of the files to keep non-paying customers from accessing them. I could make a temporary file for the paying user, and put it in his directory, but that seems like too much work. How can I do this on my site using Perl?

Thank you,
Rusty
 
Sort by date Sort by votes
You can use a cloaking script, which is called with a set of arguments, which can firstly verify the user can download the file, together with the name of the file. Such as

/cgi-bin/cloak.cgi?user=someone&file=hidden.pdf

The hidden.pdf file can then be stored in any directory you like and only the cgi script will know it.

To add security, as some CGI directories, if not set correctly, can allow unscrupulous users to read the cgi code, you can store a config file in another directory which cannot be seen by the outside world, and use that to hold the name of the directory where hidden files are.

As an example, on one of my sites I have the following top level directories:

/cgi-bin
/conf
/download
/html

The scripts are all in /cgi-bin, and standard html are in /html, which are the only 2 directories readable via the web server. On load up I read a config file in /conf, which then tells me where inside the /download directory the required file is.

HTH,
Barbie. Leader of Birmingham Perl Mongers
 
Upvote 0 Downvote
Barbie,

Here's what I ended up doing:

#!/usr/bin/perl -w
#
#testpdf.cgi

$real_doc_path = "/usr/users/bclinton/public_html";
$doc = "$real_doc_path/ReadMe.pdf";
print "Content-Type: application/pdf\n\n";
open (IMAGE, $doc);
while (<IMAGE>){
print $_;
};
close (IMAGE);
exit;

Then, when a user is sent to
the pdf doc will display below, and only the URL for the script (testpdf.cgi) will show in the address bar; The real location of the pdf document is hidden inside the script.

I had tried this before posting my question, but it didn't work because I was using the http path instead of the real path to my pdf file. (duh)

Fortunately, I don't have a problem with anyone being able to read my cgi-bin directory or scripts (at least, not that I know!) via browser.

Thank You,
Rusty
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rob54321
  • Question
Perl how to read line from file with interpolation 1
Replies
6
Views
174
rob54321
rob54321
Limbomusic
  • Locked
  • Question
Perl files getting accessed directly
Replies
0
Views
66
Limbomusic
Limbomusic
newbie1238585
  • Locked
  • Question
Perl how to read string in csv file * as wildcard operator
Replies
2
Views
110
mikrom
mikrom
Dino_1000
  • Locked
  • Question
Use the perl debugger to dump all the data in a string variable
Replies
0
Views
78
Dino_1000
Dino_1000
Anurag Sinha
  • Locked
  • Question
calling perl script on click of the button
Replies
0
Views
67
Anurag Sinha
Anurag Sinha

Part and Inventory Search

Sponsor

Back
Top