Posted by Brian McCauley on 06/05/05 22:12

John Bokma wrote:
> Jim J wrote:
>
>
>>Once that code or password has been used to download that one file
>>(and the same code/password can be used to access any one of the 100
>>files), it is then expired/deleted/made invalid and can't be used
>>again to download any other file.
>
>
> How do you know the download went ok? I wouldn't waste to much effort in a
> copy protection scheme (that is how it sounds)
>
> What sounds better: give a code that makes it possible to download one file
> during 24 hrs. So, as soon as you hand out the access code, you register it
> in a database + current time. When a file link is clicked, you store the
> name of the file unless the user/password combo has already something
> assigned. If it's the same file, and within the 24hrs, allow it, otherwise
> deny.
>
> Every day you delete all entries that are older than 24 hrs.
>
> You can use 2 stamps, one for moment of user/password creation, and one for
> the first download attempt. You can do then something like: if combo older
> than 3 days, delete it. If first download attempt was more then 8 hrs ago,
> the combo no longer can be used.

I agree with everything John said. I would add that your script
should not deilver the content directly but rather perform an
internal redirect within the server so that the server will
cope with restartable download properly.

[Back to original message]