how can i hide source of files(external server)

Hi,

The link provided is the download link in HikaShop. And when the customer uses it, HikaShop checks the payment and then redirect to the link of the download. At that point the customer can indeed get the download link and share it so that others can use that link and bypass that check.
That's why we recommend to not enter a download link and instead upload the file in HikaShop. That way, HikaShop will send the data of the file when the HikaShop download link is used, just after the check. That way, there will be no way to download the file unless you purchase the product.

Hi,

I'm not following you.
If you want the downloads to be secure (no one else can use the link besides the persons purchasing the product), the download has to happen through your website. So in that case, either the file needs to be stored on the website, or the file has to be downloaded each time from the external server where you store it.
There is no other way.
Having a key in the link of the file doesn't mean that the link cannot be given to someone else so it's not really "secure" in the sense that people not having paid for it, can download it.
And if you store the files on an external server and have your website fetch them each time, it's put a lot of strain on the connection between the servers.
So in short, the safest method to send paid downloads and keep bandwith usage to a reasonable level is to store the files on the website, which is what we chose to do.
And even in that case, it's always possible to create a virtual hard drive linking to your external server so that your website (and HikaShop) sees the files as being local while they are fetched dynamically by the server. So that shouldn't even be a problem to have the files on another server with that method.

The link you gave of jDownloads doesn't mention encryption. But even so, I don't see how it can guarantee the security of the downloads without having the website itself sends the data of the file. The customers could simply give the decryption key and the link to the data separately to share the files in that case.

Hi,

I'm afraid that we won't install and try jdownload.

You want to hide a file stored in an external server ?
So you can create a custom plugin to do so and use the trigger onBeforeDownloadFile.
There you will be able to use any kind of algorithm or whatsoever you want to do in order to try to hide the source.
www.hikashop.com/support/documentation/6...onBeforeDownloadFile

Regards,

Hi,

That's not possible to hide that external URL unless your server is downloading the file itself and sending it to the customer.
And that is clearly not something we can integrate into HikaShop regarding all the problems it could generate.
It is also written very explicitely in the jdownload website

jDownloads use normally a PHP Script for submit the file. The exact place from the file is then also not to seen. With very big files (a few hundred MB), it may be true that it comes to timeouts. When you deactivate this option, the pure download link is sended to the browser for download the file
Watch out!: If the option deactivated, you must not activate the .htaccess in the TAB: Security!

So I am sorry but that specific "issue" won't be solve in the next release or other future release.
For the rest, I don't think I need to re-phrase what Nicolas already explained.

Now it exists methods to have temporally URL on external servers ; I have already perform some integration (with nginx or lighttpd web servers). The system is working fine and you clearly don't care if the external URL is available because that URL is generated dynamically and is working only for a short period of time and one for single IP address.

As an HikaShop partner ; even if I am also an official HikaShop developer, the fact you're using HikaShop starter or HikaShop business won't change anything at the problem.
The trigger exists in any edition and a custom plugin would work the same.

Now I am clearly not the only HikaShop partner and if you can't implement such custom plugin, you can contact an external developer (a partner www.hikashop.com/home/our-partners.html ; using the "commercial jobs" forum section ; or any other website/contact).

Regards,