Securing You Info Products
Security For Information Product Sales Sites
Nick Dalton
Even if your web site does not hold any national security document you should take the security of your web site seriously. This is especially important if you are selling products on your web site.
Copyright © 2008
The Trii-Zine Ezine
www.ezines1.com
Keywords: Internet business, Internet security
Nick Dalton
Even if your web site does not hold any national security document you should take the security of your web site seriously. This is especially important if you are selling products on your web site.
A typical setup is that you have one or more sales pages for your product and when a prospect clicks on an order link they are redirected to PayPal, 2CheckOut or some other payment processing service. This setup is good for several reasons, the most important being the fact that you avoid having to deal with credit card numbers and other sensitive customer information. So far in 2007 there have been published reports of more than 89 million identity records exposed from data breaches. See the Identity Theft Resource Center for some really scary reading. Leaving data theft worries to companies who specialize in handling financial information is a great strategy for most small businesses.
But that does not leave you totally in the clear. If you are selling a digital product that the customer can download immediately after the purchase, you need to ensure that the product is protected. There are many ways that web site owners inadvertently leave their valuable products unprotected - making them available for free to anyone who knows where to look.
Here are the 3 most common errors:
1. File identifiers simple to deduce.
If the title of your e-book is 'AdWords Secrets', then don't name the file AdWordsSecrets.pdf. It is just too easy to guess that the URL for downloading your e-book might be www.example.com/AdWordsSecrets.pdf
Making numbers such as a version number or date (example = AsWordsSecrets_v24.pdf, or AdWordsSecrets_20170606.pdf) as part of the filename will make the filename and corresponding URL much more difficult to figure out.
2. Google creating a catalog of either the item or related page.
With an increase in efficiency of today's search engines it has become quite difficult to keep any web site a secret from search engines. Even without public links accessing your product download page there are other ways for a search engine to discover it and index it. After it has been indexed anyone using that search engine will find your product download page information in their search results, making them able to download your product without charge.
It is important to frequently survey what information the search engines have on your site. Most of the larger purveyors have an operator command, e.g. site: example.com, which will detail everything about that location that a web spider has crawled over and stored.
3. An inadequately constructed Robots.txt
robots.txt is a text file that you can place on your web server to guide search engines to what content they are allowed to index and what is off limits. While this may prevent most search engines from indexing your secret web pages, it opens up another vulnerability: any curious web surfer is able to view your robots.txt file. If the file explicitly forbids search engines from looking in the /downloads or /report directories, then it's very likely that's where the secret files are stored. With this knowledge the web surfer can more easily find your product and download it for free.
It is important to maintain the proper balance between protection of your files and directories in robots.txt and not allowing too much information about the structure of your site out.
Digital products are a great item to sell online. Be sure that you are getting paid for the items you have put the time into creating by using the guidelines listed above. These will help you be successful.
The Digital Security Report is a step by step guide to protecting your digital products. For this, and more articles about Internet security and Internet business in general go to Nick Dalton's blog at http://www.TipsTricksToolsTechniques.com/.
Reprinted with permission:But that does not leave you totally in the clear. If you are selling a digital product that the customer can download immediately after the purchase, you need to ensure that the product is protected. There are many ways that web site owners inadvertently leave their valuable products unprotected - making them available for free to anyone who knows where to look.
Here are the 3 most common errors:
1. File identifiers simple to deduce.
If the title of your e-book is 'AdWords Secrets', then don't name the file AdWordsSecrets.pdf. It is just too easy to guess that the URL for downloading your e-book might be www.example.com/AdWordsSecrets.pdf
Making numbers such as a version number or date (example = AsWordsSecrets_v24.pdf, or AdWordsSecrets_20170606.pdf) as part of the filename will make the filename and corresponding URL much more difficult to figure out.
2. Google creating a catalog of either the item or related page.
With an increase in efficiency of today's search engines it has become quite difficult to keep any web site a secret from search engines. Even without public links accessing your product download page there are other ways for a search engine to discover it and index it. After it has been indexed anyone using that search engine will find your product download page information in their search results, making them able to download your product without charge.
It is important to frequently survey what information the search engines have on your site. Most of the larger purveyors have an operator command, e.g. site: example.com, which will detail everything about that location that a web spider has crawled over and stored.
3. An inadequately constructed Robots.txt
robots.txt is a text file that you can place on your web server to guide search engines to what content they are allowed to index and what is off limits. While this may prevent most search engines from indexing your secret web pages, it opens up another vulnerability: any curious web surfer is able to view your robots.txt file. If the file explicitly forbids search engines from looking in the /downloads or /report directories, then it's very likely that's where the secret files are stored. With this knowledge the web surfer can more easily find your product and download it for free.
It is important to maintain the proper balance between protection of your files and directories in robots.txt and not allowing too much information about the structure of your site out.
Digital products are a great item to sell online. Be sure that you are getting paid for the items you have put the time into creating by using the guidelines listed above. These will help you be successful.
The Digital Security Report is a step by step guide to protecting your digital products. For this, and more articles about Internet security and Internet business in general go to Nick Dalton's blog at http://www.TipsTricksToolsTechniques.com/.
Copyright © 2008
The Trii-Zine Ezine
www.ezines1.com
Keywords: Internet business, Internet security
Comments
No comments yet
Add Comment