Rule # 8: employ a secure download system
Delivering Digital Content Securely
The first thing your download system should do is obfuscate where images are coming from. Easy, two ways...
- package them in a zip file
- or deliver them in a HTTP stream
Delivery inside a zip file has the added benefit that you can add other files to promote your brand awareness/special offers. Just add a README.txt
Sending the bytes in a HTTP Response can deliver files one at a time with no reference to source location being betrayed. This C# snippet below for a (wav audio) file download pops up the Windows file save as dialog showing just the filename.
HttpContext.Response.ContentType = "audio/x-wav"; HttpContext.Response.AppendHeader("Content-Disposition", "attachment; filename=" + System.IO.Path.GetFileName(path).Replace(" ", "_")); //the replace is needed! HttpContext.Response.TransmitFile(path);