I suspect the answer to my question is no, and if so, I'd love to hear suggestions on how to get around that drawback.
To further explain, I have pages on my site that require paid access. On those pages will be links to PDF files that are available for downloading. I had planned to upload the files right on the page using the upload tool (or in the File Manager). I tested both out and apparently if you have the URL for the uploaded file, you can access the file without paying, even without being a member of my community. I also assume the files will be indexed by Google and may appear in search results. This is not good.
So, is there a way to secure uploaded files from within Ning (i.e. set file privacy so only paid members, or even just members, can access it if they go directly to the download link)?
Hey, Alyssa. I thought that these URLs shouldn't be accessible unless you are a paying member, but let's double check this. Can you share the URL of that page? Were you signed out of your network when you tried to access that page with Paid Access turned on for that page?
Hi Eric. Thanks for your response. The problem isn't the page; it's the uploaded files, linked on the page.
For example: The page is here. It prompts the user to pay for access, as expected. But on that page, I have a link to a PDF. It's that file I want to secure and make sure it's not accessible by members (or non-members) who are not paying. This is the URL to that PDF file.
Yes, John, that is my point. Enjoy the newsletter, BTW! :)
Hey, Alyssa. I'm finally back. (BTW, your newsletter looks great.)
I've been digging into the details on this. My apologies if I didn't have a definitive answer right away, but I wanted to check with our product folks and others here who work on this feature. I did some testing, looked into the history of this feature, and compared that with the work we're doing right now to improve the Paid Access feature.
So, first things first: I was incorrect about this detail. It does not include a specific authentication of a member at the time of download, so this URL that links to this file, while quite hidden behind a string of random-ish letters and numbers, could potentially be shared with a non-paying member. We do check for members who try to access that page, but we don't check for specific types of downloads or put up an additional wall, so to speak. I would think that in practice you would probably see very (very) few instances of this type of sharing, but it is possible.
Second, we did consider this type of protection for Paid Access, but we weren't able to include it in the first version of the feature. We may still add this type of protection and have worked up plans for it, but it's not available right now. It wouldn't take a ton of extra work, but it's not trivial, either. It simply needs to be prioritized. One of the difficulties around this is knowing how many people are using Paid Access specifically to sell content like this. Your raising this issue as one of those people who are trying to use Paid Access in this way makes a difference, so thank you for bringing it up. It's already raised the visibility of this feature enhancement request.
It may not be worth much, but I wanted to at least raise the point that many Internet services work in this same manner (including paid services like Flickr, I believe). But, I can absolutely see how you would want to keep what you consider valuable under lock and key. I do know that there are PDF to Flash converters that some organizations use in situations like this. To be honest, as a consumer and reader, those aren't wonderful solutions to me.
In summary, I don't have a great answer to this for you, but I have taken your conversation as an opportunity to try and bump up this feature enhancement in our list of priorities. And, if I have more updates or can think of an easy workaround, I will try to share those. Of course, we are open to hearing your feedback, so feel free to let me know what you think. Whether this is a complete deal killer for you or merely an annoyance that you wish were more comprehensive, we'd like to hear your opinion.
Thanks, Alyssa! I will check this out and get back to you.
Thanks for your detailed response, Eric. Having uploaded files secured and available only to paying members is definitely a key feature of Paid Access for my business. In fact, I can't imagine I would ever use Paid Access in a way that didn't involve providing some kind of download on the protected page.
I'm not as concerned about paying members copying the URLs and distributing the paid access files, but I am concerned that my uploads could be indexed by Google, and people who aren't even members of my community could essentially grab the content I will be charging for. Not a good thing! If you have a suggested workaround for this part of the issue, I'd love to hear it.
So, to answer your question, yes, not having secured uploads may be a deal breaker for me. I'm sure I could find an alternate way to secure the downloads once people get to the paid page (password protection, third-party hosting), but that feels awfully cumbersome, especially as a startup with limited funds and limited time. And, of course, I want the experience to be as smooth and agreeable for my members as possible.
I hope this gets moved up on the list of priorities for development. I have a handful of premium pages/content I'm getting ready to roll out in early 2012!
Thanks again, Eric.