 |
UbercartOne cart to rule them all... |
|
| Donate to Ubercart | Affiliates | ||
Where to place download directory on a shared host hosting account?
Submitted by r00tk1ll on Tue, 06/24/2008 - 09:02
Reading through the documentation I noticed that the manual recommend sites that plan on selling downloadable content to place the downloads directory outside of the web root. But what about those of us on a shared hosting account, all we have access to generally (GoDaddy) is the web root. So where do we place this directory and what permissions should be applied? Thanks
Hmm... I'm not too sure, so I'll invite others to chip in here. One thought I'd have would be to make a folder in your files directory w/ a funny name (i.e. customers probably won't guess it) and use .htaccess to restrict access to files in that directory. You can view Drupal's default .htaccess to see where it restricts access to certain file types and add the necessary limitations for your downloads. Anyone know if there are holes in this method? For real, they only give me ftp access to my html directory, no higher. I can however create folders at a higher level using php exec functions, but I dont know how solid it would be to do this. Just an idea, if I made a php script that utilized the exec() function and created a directory 1 level higher than my webroot, then created a link within my webroot to that could that be a doable solution or just as risky, seeing as the link still resides where all the drupal files are. Has no one else run into a hosting server that only allows ftp to the webroot? Somehow, even with using exec(), I doubt GoDaddy has their servers set up where you have write-permissions outside your FTP/Site root. Keeping the download directory outside of the web directory is an easy fool-proof method for ensuring no one can download your files except through uc_file. However it's not the only way. Ryan is right that you can easily come up with a non-obvious directory inside the web root protected via an .htaccess file. Something like: Options -Indexesin the .htaccess file should prevent anyone from viewing the directory contents (if they guess its name) and pulling files via HTTP even if they know a valid file name. I will probably end up going with that, but I have confirmed I have RW access to anywhere in my user (~) directory. The catch is I only have ftp access to web root and am confined within it. Now just for conversation sake, if I were to create a directory higher up, could I upload files to it and point UC to serve from this directory? Just a thought ----------------------- Oh yeah 1 more thing, Wow, surprising. Whether or not it would work depends on whether the running apache process (and thus the PHP running uc_file) has RW permissions on the folder. I'm not that familiar with GoDaddy's Apache configuration to say for sure, but I think the owner set automatically via FTP process is the same owner when the apache process serves files from your hosting space. In which case, it would work. I guess you can test it out to see. As far as the permissions, I believe 744 will be fine for the file directory if you wish to read/write to it.
|
|
Joined: 06/12/2008