How to secure these links from being shared?

  • Resolved John Mulligan

    (@john-mulligan)


    7 years, 8 months ago

    Hi, First of all, thanks for creating a slim and elegant way to link to S3 for downloads. It has minimal confusing settings and it does what it needs to do! I have been able to successfully link to my bucket and add a download to a product. The link in the email the customer receives to download the file works great. Perfect!

    I’m a little new to this S3 thing and I was wondering, how can I protect these links from being shared? I was able to copy the email link from one account and email it to another and then download the file from S3 again.

    I realize that an end user could just email the files themselves, etc, but I don’t want someone hot linking to my S3 and running up my bill.

    Thanks again,

    John

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author Emran Ahmed

    (@emranahmed)

    Hello John,

    Actually it’s secure if you do not give public access to files from s3.
    There is an expire time for each download url, it will auto expire after 1 hour. If you want to increase or decrease this expiry time programmatically, please check this source code: https://github.com/EmranAhmed/woo-product-download-from-amazon-s3/blob/master/woo-product-download-from-amazon-s3.php#L519 and use ea_wc_amazon_s3_download_expire_time filter to change it. ??

    Thank you very much ??

    When you say the download URL will auto expire after 1 hour, does that mean the customer only has one hour to download their purchase? For example, if they buy now, and don’t download until the next day, will it work?

    Plugin Author Emran Ahmed

    (@emranahmed)

    Nope, to prevent sharing download url(s) to others only Download URL will expire, not your client purchase or anything else ??

    Thank you

    So the “Download Expiry” setting doesn’t do anything? I thought if I set it to “15”, then the customer has 15 days to download before the link expires.

    I don’t understand why there would be any need to patch the code when there is an expiry setting in the product data section which has a default setting of “unlimited” unless you specify number of days.

    • This reply was modified 7 years, 6 months ago by cheepnis.

    Yes, all this terminology is very confusing, I agree!

    Emran, do you have any clarification on this?

    Plugin Author Emran Ahmed

    (@emranahmed)

    Download Expiry time generate auth url for S3, I just used 1 hour time, but you can use any time like 5 min, 10 min etc. Download Expiry means when you download a file then it generate a url which valid for 1 hour, after 1 hour you can’t download with those url, You need to login your woocommerce account page and click on downlaod product.

    I’m sorry, but your explanation really didn’t help shed any light on the issue.

    Let me rephrase it and see if I have it correct:

    You are saying that the initial link generated immediately at the time of sale is good for only one hour if the customer decides to download from the email link sent upon completion of the sale. However, AFTER one hour, the customer can still log into their account in the store and download the file(s) within the time periods I SET in the product description below (in my case, within 15 days and 3 attempts).

    I have been entering in hundreds of products for download with the anticipation that my customers have 3 attempts in 15 days to download the products, based upon these settings. I’m becoming VERY worried that I have wasted my time! :O

    The settings that I refer to:

    https://www.mst3k.org/sca_cap.PNG

    • This reply was modified 7 years, 6 months ago by cheepnis.
Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘How to secure these links from being shared?’ is closed to new replies.