storage/security concerns for a music download service

[Guest]

Mornin peeps.

We're in the process of creating a legal music downloading service. Fairly
simple. People can either buy 1 track or a number of "credits" to buy several
tracks.

My concern is how do we secure the actual MP3 files on the server, to make
sure people pay for them before downloading. Obviously, they have to be in a
directory somewhere, so I how do I protect that direct from just being
navigated to from IE / ftp? Is there another way of storing them?!

When someone clicks a download link, I need to make sure the status bar
doesn't say something like "opening /live/mp3s/trackname.mp3".

Any thoughts on this?

Cheers


Dan

 

[Hermit Dave]

Well why do you need to have it in a directory. If you are so fussed about
security store it in a database
you can use image datatype to store just about anything.
make sure people pay for it and then read from the sql server and write it
to the response.

http://aspalliance.com/articleViewer.aspx?aId=138&pId=
This deals in upload code. At the bottom in Conclusions section you will
find code for download. Just swap images for mp3s

I know it might be an overkill and do some test code before jumping into it.
A Large file size might screw up sql performance so do some tests and see
what others say.

--

HTH,

Regards,

Hermit Dave
http://hdave.blogspot.com