Hiding download link in network traffic

Question

I have a program that will allow users to sell their digital products. When the customer has bought the download, they are given a direct link to download the product(download starts directly in the browser).

Response.Redirect("http://blah.com/blah");

The thing is, when the download starts, the link will appear in the network traffic of the browser. Is there a way to hide this from happening?

Thanks to all

Answer 1

Are you trying to prevent the download URL from being seen by someone eavesdropping on the network connection? You can use SSL for that.

Or are you trying to prevent the customer from seeing the download link and sharing it with friends, bypassing the purchase process? It's not feasible to prevent the user from finding out where his browser is downloading from. Instead, you should secure the download itself so that it can't be used by unauthorized people.

For example, you could generate a unique ID for each purchase, and append the ID as a query parameter to the download URL. That way you can check that each download request corresponds to a real purchase, and maybe forbid the same ID from downloading the file multiple times. Or, if there are logins on the purchase site, have the download verify that the logged-in user has purchased that file.

Answer 2

I am not aware of any way to manipulate a client's history (I assume that is what you mean by "network traffic of the browser"), and I believe that is a very good thing. Webpage's should not have the ability to change a client's logs of where he or she has been.

If you are just worried about people finding the link and redistributing it, maybe you shouldn't do a direct link, but instead use session to verify the request is from a paying customer. Once verified, then push the download to the user.