Safeguarding your files

Let’s say you have your own domain. You have uploaded files, say, photos, and you intend to sell access to those photos. You don’t want to give access to anyone who doesn’t pay. All you want is to sell access to photo sets by email, not start a member’s area where someone could have full access to all the files you might have.

If you’ve read this far, you probably aren’t sure how to go about this. There are a lot of ways to do it, many of them requiring a fair amount of technical expertise.

I’m going to skip around those and give the one that is the easiest to use that I know of.

Let’s say I have a domain named mydomain.com. The URL of that domain is http://mydomain.com. If I have an ‘images’ folder, as many people do, the URL would be http://mydomain.com/images/. If you have an image in there named myimage.jpg, the URL of that image is http://mydomain.com/images/myimage.jpg.

The first thing you need to do is check to see what happens if you go to that /images/ directory by typing in the address http://mydomain.com/images/. It is often the case that typing in a folder name will by default send you to an index page you have in that folder. But if you don’t have an index page in that folder (because maybe you didn’t put one there), depending on how your server is set up by your host, you may see a default directory page that has clickable links to all your images.

This is a bad thing, as anyone who knows you have an /images/ folder (or anyone who guesses you have one) can see everything you have in there. You may want to contact your host to see if they will change that, or you can simply create and upload a blank index page.

Open Notepad (Start=>Accessories=>Notepad), select File=>Save As. In the window that pops up, choose where you want to save it on your computer first, so you won’t forget where you put it. Type index.html in the “File name” box. Change “Save as Type” from “Text Documents (*.txt)” to “All Files”. Then click Save.

Upload the file into any directory that doesn’t already have an index file of some sort.

Now, let’s say you want to sell someone a set of files named reddress1.jpg, reddress2.jpg, and reddress3.jpg. You may want to sell multiple sets. It’s really convenient to name them like that, because it makes it easy for you to see what you have and work with it. But it also makes it easy for someone else to guess what else might be there. So if someone who bought Set 1 guessed that Set 2 contained reddress4.jpg, reddress5.jpg, and reddress6.jpg, then typed those in, they could very well find them. They might also go looking to see what you named your other photo sets, based on your sales info.

Obviously that’s way too easy. Here’s what I do. I append a random string to the end of the file or folder I am giving access to, using PassUtils, a free password generator. Unzip it and install it. To use it just open and uncheck the “punctuation box”, because having punctuation in a filename can mess up opening that file. Create as many passwords as you like. Then right click each password and copy the password to your clipboard. Rename your files one at a time by right clicking in a Windows ‘Save As’ or ‘Open’ window, or in FTP, by right clicking and selecting ‘Rename’. The name will be selected. Hit the right arrow to put the cursor to the end of the file name, between the file name and the file extension. Type an underscore ‘_’ or hyphen ‘-’, then copy in the random string.

The goal is to change the file ‘reddress1.jpg‘ to ‘reddress1_6cYm2FTg.jpg‘. Now you can still read what the file contains based on what you named it, but nobody can possibly guess correctly what you named it to access it without permission.

You can also do the same thing with folders containing multiple images. If you sell a single set of images in a folder named /Set1_6cYm2FTg/, nobody can guess the folder name, and you can still give the photos easy names inside the folder.