Even if your web site does not hold any national security document you should take the security of your web site seriously. This is especially important if you are selling products on your web site.
A typical setup is that you have one or more sales pages for your product and when a prospect clicks on an order link they are redirected to PayPal, 2CheckOut or some other payment processing service. This setup is good for several reasons, the most important being the fact that you avoid having to deal with credit card numbers and other sensitive customer information. So far in 2007 there have been published reports of more than 89 million identity records exposed from data breaches. See the Identity Theft Resource Center for some really scary reading. Leaving data theft worries to companies who specialize in handling financial information is a great strategy for most small businesses.
But that does not leave you totally in the clear. If you are selling a digital product that the customer can download immediately after the purchase, you need to ensure that the product is protected. There are many ways that web site owners inadvertently leave their valuable products unprotected - making them available for free to anyone who knows where to look.
The three most common mistakes are:
1. File identifiers simple to deduce.
If 'AdWords Secrets' is the title of your book, don't create a file name called AdWordsSecrets.pdf. It would be too easy for people to guess the URL to download your book that way if the URL is www.example.com/AdWordsSecrets.pdf, or something similar.
At least add a version number or a date into the filename, e.g. AdWordsSecrets_v42.pdf or AdWordsSecrets_20070707.pdf. This will make it much more difficult to guess the filename and the URL.
2. Indexing the product itself or the download page is the function of search engines.
With an increase in efficiency of today's search engines it has become quite difficult to keep any website a secret from search engines. Even without public links accessing your product download page there are other ways for a search engine to discover it and index it. After it has been indexed anyone using that search engine will find your product download page information in their search results, making them able to download your product without charge.
You should regularly check what each search engine knows about your web site. In most major search engines you can use the site: operator, e.g. site:example.com, to get a listing of all the pages on your web site that have been indexed.
3. Improperly configured robots.txt
If you place the text file robots.txt on your web server it will guide search engines to the contents they should be indexing and let search engines know what content should not be indexed. This prevents search engines from indexing the web pages you want to keep hidden, but since any curious web surfer can see the robots.txt file, they may be able to more easily identify your products. If a web surfer notices that you are not allowing search engines to look in the /downloads or /report directories, they'll know that these directories may contain the items they want.
It is important to maintain the proper balance between protection of your files and directories in robots.txt and not allowing too much information about the structure of your site out.
Selling digital products online is a great business.
A typical setup is that you have one or more sales pages for your product and when a prospect clicks on an order link they are redirected to PayPal, 2CheckOut or some other payment processing service. This setup is good for several reasons, the most important being the fact that you avoid having to deal with credit card numbers and other sensitive customer information. So far in 2007 there have been published reports of more than 89 million identity records exposed from data breaches. See the Identity Theft Resource Center for some really scary reading. Leaving data theft worries to companies who specialize in handling financial information is a great strategy for most small businesses.
But that does not leave you totally in the clear. If you are selling a digital product that the customer can download immediately after the purchase, you need to ensure that the product is protected. There are many ways that web site owners inadvertently leave their valuable products unprotected - making them available for free to anyone who knows where to look.
The three most common mistakes are:
1. File identifiers simple to deduce.
If 'AdWords Secrets' is the title of your book, don't create a file name called AdWordsSecrets.pdf. It would be too easy for people to guess the URL to download your book that way if the URL is www.example.com/AdWordsSecrets.pdf, or something similar.
At least add a version number or a date into the filename, e.g. AdWordsSecrets_v42.pdf or AdWordsSecrets_20070707.pdf. This will make it much more difficult to guess the filename and the URL.
2. Indexing the product itself or the download page is the function of search engines.
With an increase in efficiency of today's search engines it has become quite difficult to keep any website a secret from search engines. Even without public links accessing your product download page there are other ways for a search engine to discover it and index it. After it has been indexed anyone using that search engine will find your product download page information in their search results, making them able to download your product without charge.
You should regularly check what each search engine knows about your web site. In most major search engines you can use the site: operator, e.g. site:example.com, to get a listing of all the pages on your web site that have been indexed.
3. Improperly configured robots.txt
If you place the text file robots.txt on your web server it will guide search engines to the contents they should be indexing and let search engines know what content should not be indexed. This prevents search engines from indexing the web pages you want to keep hidden, but since any curious web surfer can see the robots.txt file, they may be able to more easily identify your products. If a web surfer notices that you are not allowing search engines to look in the /downloads or /report directories, they'll know that these directories may contain the items they want.
It is important to maintain the proper balance between protection of your files and directories in robots.txt and not allowing too much information about the structure of your site out.
Selling digital products online is a great business.
Source...