Rule # 8: employ a secure download system

Delivering Digital Content Securely

The first thing your download system should do is obfuscate where images are coming from. Easy, two ways...

Delivery inside a zip file has the added benefit that you can add other files to promote your brand awareness/special offers. Just add a README.txt

Sending the bytes in a HTTP Response can deliver files one at a time with no reference to source location being betrayed. This C# snippet below for a (wav audio) file download pops up the Windows file save as dialog showing just the filename.


	HttpContext.Response.ContentType = "audio/x-wav";
	 HttpContext.Response.AppendHeader("Content-Disposition", "attachment; filename=" + System.IO.Path.GetFileName(path).Replace(" ", "_")); //the replace is needed!
	HttpContext.Response.TransmitFile(path);