secure download viz php/md5

Compute Oh
Registered User
Join date: 11 May 2007
Posts: 19
07-01-2007 12:46
Hi everyone,

I am fairly experienced with LSL, HTML, etc., and I'm looking to find a way to have a secure download, initiated from SL (with a purchase), that then downloads onto the user's desktop.

I'd really like to do this as securely as possible; what would be the best ways to do this?

I know PHP is probably the way to go, and that md5 encryption is probably advisable.

Does anyone have any notes on this topic, or any good scripts to start me off with?

I must admit, this seems like a daunting task, but I figure a lot of it is probably cut and paste and edit at this point, since this is probably old hat for most users!

Thanks,
Compute Oh
RJ Source
Green Sky Labs
Join date: 10 Jan 2007
Posts: 272
07-01-2007 12:55
Does your design allow the use of https?
Kidd Krasner
Registered User
Join date: 1 Jan 2007
Posts: 1,938
07-01-2007 14:07
Define "secure as possible".

Do you need to authenticate the user doing the download? Must the transmission itself be encrypted? Does the user doing the download need to authenticate the source? Do you need to protect the download against tampering?

MD5 isn't an encryption algorithm, it's a hash. For downloads, it's used to validate that what you received is what the supplier provided, i.e. protect against tampering. It doesn't do anything to protect against eavesdropping.

PHP isn't relevant with the given information. Where are you hosting the downloads? Most hosting services these days provide PHP, Ruby, sometimes Python or Perl. Windows hosting services may provide ASP or ASP.Net. You might find it easier to use a higher level content management system, such as Drupal. As far as the download is concerned, it doesn't really matter which you pick. What matters is which is easiest for you to implement, assuming you do it all yourself. Is there an end-user web site associated with this? If so, then use whatever you'd use for doing dynamic content on the web site.
Compute Oh
Registered User
Join date: 11 May 2007
Posts: 19
07-01-2007 14:09
I really haven't firmed up what my overall design is going to be yet, still in the R&D phase (if you will)...

Do you think it's wise to use that method as opposed to PHP?

Know any sources for info on using https with SL and LSL?
Compute Oh
Registered User
Join date: 11 May 2007
Posts: 19
07-01-2007 14:17
From: Kidd Krasner
Do you need to authenticate the user doing the download?

Yes.

From: Kidd Krasner
Must the transmission itself be encrypted?

Preferably.
From: Kidd Krasner
Does the user doing the download need to authenticate the source?

Probably not, as once the user is authenticated, the work is done.
From: Kidd Krasner
Do you need to protect the download against tampering?

This is where I'm not sure... What kind of tampering?

The idea is that once the user pays, they're shot to a secure download page (which would automatically trigger the download), preferably not the direct source of the download (i.e. renaming the file for the download / protecting the source files). Sorry, not sure what the proper nomenclature is for some of this stuff...

Hope that doesn't come across as completely incoherent!
Kidd Krasner
Registered User
Join date: 1 Jan 2007
Posts: 1,938
07-02-2007 10:15
I probably should have started by asking some higher level questions. Specifically, what are you trying to guard against? The wrong people being able to use the download? Or just finding out what's in the download? Do you care if the intended user gives away copies? Do different users get the exact same thing?

It would also help to know what it is, a program, graphics, audio, some other sort of information? If it's a program, are you worried about someone getting a trojan horse instead of the real thing? Finally, how bad are things if someone breaks the security anyway? Do you lose a little money, a lot of money, or go to jail?

Let's start with some basics. When someone buys something from you, all you really have to identify him are a name and the unique ID (UUID) for that SL account. Anyone can find the name, the UUID takes a small amount of skill, so you can't use those to authenticate the person outside of SL. Hence you need some other piece of shared information, such as a password. It's easiest if you generate it, give it to the user via IM, and send it securely to the web server. The user would go to the web site, enter the password, and you've authenticated. Alternatively, instead of authenticating the connection, you could just encrypt the data using that password, and send it to the user as a self-extracting, password-protected archive. You're still at risk from unscrupulous LL employees and security holes in SL. The SL side of this is relatively easy to do in LSL.

What you're really asking then is how to implement the web site (or perhaps all you need is an ftp site). This gets back to the question of where are you hosting it? Do you plan a full blown web site, or just this particular service? And do you have experience with any other scripting or programming languages? If you already know Python or Perl, for example, and your hosting service supports it, then there's no reason to learn PHP.
Compute Oh
Registered User
Join date: 11 May 2007
Posts: 19
07-02-2007 16:55
Hey Kidd, thanks so much for your attention, it's much appreciated!

Basically, I'd like to set something up to have a very basic system, for say just a text file, for now.

As far as what happens once the buyer has that file, I'm not too worried. They can give it to their friends, whatever. It's the actual location of that file that I'm concerned about protecting, so that no one will be able to simply put that URL in a browser and download it.

I'm not planning on creating an entire website; I have the ftp site in place, so really, just a system. The way I've seen it work with others (SL or not) is for there to be a subfolder with any files, and then when the download is initialized, a new temporary file name will be created (as I've seen, it's some long alpha-numeric string). I assume this is simply some sort of mask, because in my experience, the file name gets corrected at the buyer's end.

I'd prefer to avoid having the actual customer enter a password, but having some sort of password embedded inside the script that would at least let the server know that a proper connection had been made would be nice.

Hope that makes sense... Thanks again for your thoughts!
Compute Oh
Registered User
Join date: 11 May 2007
Posts: 19
07-03-2007 12:21
Actually, as far as what I'm trying to send, let's assume it's a zip file for now. The end cost to the user is going to be very cheap, so I'm not so worried about people passing this around after purchase.

But the main idea is that when they pay, they will be connected to the download site, so at the most, they would have to do the copy work... They can't just send a link for the download to each other...

I hope this all doesn't seem too naive! haha
Kidd Krasner
Registered User
Join date: 1 Jan 2007
Posts: 1,938
07-03-2007 13:26
From: Compute Oh
I'd prefer to avoid having the actual customer enter a password, but having some sort of password embedded inside the script that would at least let the server know that a proper connection had been made would be nice.

You could just have the script generate a filename, pass it to the server in order to generate the file, and put it in the URL that you give to the user. When the user goes to the URL via their browser, the filename won't be encrypted. But unless you're charging a lot of money for this or you're dealing with national security, I really don't think you need to worry about the risk of someone eavesdropping on the connection to capture the URL.

I don't think that URLs over https get encrypted, but I'm not positive. I'm pretty sure that filenames over sftp are encrypted, but that probably makes more work for the users.

All you really need on the server end is something to accept the connection from SL to get the filename and create the file. You probably don't even need anything more than a vanilla web server or ftp server to deliver it, if you're relying on the file name for security. You could use either llEmail or llHttpRequest for the connection, and would have to hardwire the IP addresses for security. You could encrypt with a shared key if you wanted this connection secured, but that wouldn't affect the connection between the user and server. Personally, I'd use either Python or PHP, depending upon the circumstances.

If you have cheap access to an SSL certificate for running an https server, that would enhance the security.
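An added example (my code, not from any poster in this thread) of the server half of the flow Kidd describes above and in his earlier post: the in-world script reports a purchase with a shared-key MAC, the server mints an unguessable filename and hands it back for the URL, then serves the real file once under that name, so the real path never appears in a link. Names such as SHARED_KEY, issue_download and serve_download are assumptions; the web framework and the LSL llHTTPRequest side are left out.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Set, Tuple

# Constructed values; in practice the key is hardwired into both the LSL script and the server.
SHARED_KEY = b"constructed-shared-secret-change-me"
TOKEN_TTL = 600                                  # seconds a download URL stays valid
_pending: Dict[str, Tuple[str, float]] = {}      # token -> (real file path, expiry time)
_seen_nonces: Set[str] = set()                   # stops a captured purchase notice being replayed


def _now(now: Optional[float]) -> float:
    return time.time() if now is None else now


def sign_purchase(buyer_uuid: str, nonce: str, key: bytes = SHARED_KEY) -> str:
    """MAC the SL script attaches to its purchase notice so the server can tell it is genuine."""
    msg = f"{buyer_uuid}:{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_download(buyer_uuid: str, nonce: str, mac: str, source_path: str,
                   now: Optional[float] = None) -> Optional[str]:
    """Verify the purchase notice, then mint the opaque filename that goes into the buyer's URL."""
    if nonce in _seen_nonces or not hmac.compare_digest(sign_purchase(buyer_uuid, nonce), mac):
        return None                              # forged or replayed notice: no file is exposed
    _seen_nonces.add(nonce)
    token = secrets.token_urlsafe(32)            # the 'long alpha-numeric string' the OP has seen
    _pending[token] = (source_path, _now(now) + TOKEN_TTL)
    return token


def serve_download(token: str, now: Optional[float] = None) -> Optional[str]:
    """Resolve a URL token to the real file once, then forget it; expired tokens also fail."""
    entry = _pending.pop(token, None)            # single use: a shared link works at most once
    if entry is None:
        return None
    path, expiry = entry
    return path if _now(now) <= expiry else None


def integrity_digest(data: bytes) -> str:
    """Digest to publish beside the download so the buyer can detect tampering; as Kidd says,
    a hash proves integrity only and hides nothing (SHA-256 is the better choice today)."""
    return hashlib.md5(data).hexdigest()
```

Whatever serves the file should send it with a Content-Disposition header carrying the original name, which is why the "masked" filename gets corrected on the buyer's end.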