Hi there,

Just before I roll my own, I wanted to check whether there was any support for secure downloads? i.e. At the moment our downloads can be downloaded anytime if you know the exact download URI.

I was going to implement my own secure download page, which would validate that the user is authenticated and whether they had access to that download (i.e. have ordered and paid for it).

Thanks.
D.

Well its not that insecure. Every time you purchase a new product you get a unique opvId for that download. Yes that can be downloaded by anyone who knows it but to be fair if someone can share the link they can also share the downloaded file with someone else you can't stop that. But you are right it is a security risk and should check if the right user is logged in or not.
I would let the developers decide if its worth the effort :-)

Just set 'customersettings.downloadableproductsvalidateuser' setting to 'true'

Andrei, I suggest that there should be a running list of all the setting with just a one liner description on the developer documentation page. Sometimes I am surprised how capable nopC is and we even don't know many things yet. This would also make it easier to search in the descriptions.
It would be difficult but for one time only after that only any new setting can be added to it.

Thanks for the replies. Yeah, after posting I discovered that setting after carefully checking the download code, I haven't got round to checking it works but by looking at the code, it does exactly what I had in mind.

I agree, it would be a good idea to make it clearer of what all the global settings mean and document it as suggested. I only discovered this setting after looking through the code.