Jedeye
asked on
Supplying digital content over the web
I want to start supplying digital content over the web - some would be paid for and some would be free. I am comfortable with basic website design but I know little or nothing about ecommerce or how to actually offer secured downloads etc.
Can anyone walk me through a basic how-to and supply some advice on how to go ahead with my project?
Can anyone walk me through a basic how-to and supply some advice on how to go ahead with my project?
ASKER
Thanks routinet -
As far as basic website design - I can lay a page out using CSS and HTML (divs) and create static content, links etc. - but I have no real experience with dynamic content. I make most of my living supplying bespoke desktop apps to business clients - but web stuff is still a relative mystery to me.
I realise that I will need a cart (and my Hoster provides one out of the box) but that is about it.
When you say I will need to keep the content somewhere not accessible from the web - would password protected folders on my site do for this? or does it need to be something else?
I have no idea what a proxy download is - or come to that - how a normal download would work.
I have distributed Winform applications to clients using MS Clickonce technology - but this was on a very limited basis with a couple of regular clients.
I am not looking for an education in all of this (500 points wouldn't cut it) - but I could do with some good links to training and especially video demos etc
As far as basic website design - I can lay a page out using CSS and HTML (divs) and create static content, links etc. - but I have no real experience with dynamic content. I make most of my living supplying bespoke desktop apps to business clients - but web stuff is still a relative mystery to me.
I realise that I will need a cart (and my Hoster provides one out of the box) but that is about it.
When you say I will need to keep the content somewhere not accessible from the web - would password protected folders on my site do for this? or does it need to be something else?
I have no idea what a proxy download is - or come to that - how a normal download would work.
I have distributed Winform applications to clients using MS Clickonce technology - but this was on a very limited basis with a couple of regular clients.
I am not looking for an education in all of this (500 points wouldn't cut it) - but I could do with some good links to training and especially video demos etc
First thing's first - you need experience with a server-side language. There are many available, some easier than others, and the learning curve will depend a bit on your background. Since you are just starting out with no clues, I would recommend trying your hand at some basic PHP stuff. Out of the gate, it is the easiest to learn, easiest to work with, and works regardless of your platform. http://www.php.net/manual/en
As a basic primer, dynamic content differs from static in one vital way - what processes the request. In a vanilla static request, the web server (IIS, Apache, etc) gets the request, finds the file relative to the site's root directory, and sends its contents as the response. BTW, that is exactly how a file download works also...it's just that file downloads typically come with a content-type header indicating a download, as opposed to, say, text/html, which indicates content a browser will render. With any server side language, the web server gets a "handler", or another program that handles specific types of requests. For example, with PHP, all *.php files are sent to the PHP application instead of being processed by the web server itself. The same concept applies to PHP, classic ASP, ASP.NET, Python, Perl, etc. That other application (the handler) is responsible for generating the response, and possibly the response headers (like 200-OK, 301-Moved, etc). So, once you're in the handler, you're really just coding an application geared towards creating an HTML/CSS page dynamically as its result.
As far as protecting the content, I mean inaccessible from the web - it is not available through any URL, protected or not. The only access to it is through your application. By proxy download, I mean that instead of giving someone a URL like http://mydomain.com/download.zip, you give someone a URL like http://mydomain.com/download.php?file=download.zip. That download.php should read the current session, verify the user, verify the user's rights to the file, and if everything checks out, physically open the file and send it. As long as your content is available on the web, it will be at risk.
For someone with no background in web applications, this can be a significant undertaking. Keep hope, though...overall, the individual parts are not that difficult. The HTML/CSS is just like you would expect from static pages, just that it is being generated on the fly. The business logic is just like you would expect from stand-alone desktop development, just that much of your environment is determined by the request. Otherwise, same stuff. The only real new information you need is the language you choose, and how it interacts with the web service.
Your first task is to decide on a language. As I said before, I recommend PHP because it has a very low learning curve. It is also dependable, and performs well under pressure. There are also web frameworks you can use to ease your development. ASP.NET is really a framework built on top of the .NET language. Regardless of the language you choose, there is a framework out there if you want one.
As a basic primer, dynamic content differs from static in one vital way - what processes the request. In a vanilla static request, the web server (IIS, Apache, etc) gets the request, finds the file relative to the site's root directory, and sends its contents as the response. BTW, that is exactly how a file download works also...it's just that file downloads typically come with a content-type header indicating a download, as opposed to, say, text/html, which indicates content a browser will render. With any server side language, the web server gets a "handler", or another program that handles specific types of requests. For example, with PHP, all *.php files are sent to the PHP application instead of being processed by the web server itself. The same concept applies to PHP, classic ASP, ASP.NET, Python, Perl, etc. That other application (the handler) is responsible for generating the response, and possibly the response headers (like 200-OK, 301-Moved, etc). So, once you're in the handler, you're really just coding an application geared towards creating an HTML/CSS page dynamically as its result.
As far as protecting the content, I mean inaccessible from the web - it is not available through any URL, protected or not. The only access to it is through your application. By proxy download, I mean that instead of giving someone a URL like http://mydomain.com/download.zip, you give someone a URL like http://mydomain.com/download.php?file=download.zip. That download.php should read the current session, verify the user, verify the user's rights to the file, and if everything checks out, physically open the file and send it. As long as your content is available on the web, it will be at risk.
For someone with no background in web applications, this can be a significant undertaking. Keep hope, though...overall, the individual parts are not that difficult. The HTML/CSS is just like you would expect from static pages, just that it is being generated on the fly. The business logic is just like you would expect from stand-alone desktop development, just that much of your environment is determined by the request. Otherwise, same stuff. The only real new information you need is the language you choose, and how it interacts with the web service.
Your first task is to decide on a language. As I said before, I recommend PHP because it has a very low learning curve. It is also dependable, and performs well under pressure. There are also web frameworks you can use to ease your development. ASP.NET is really a framework built on top of the .NET language. Regardless of the language you choose, there is a framework out there if you want one.
A couple more comments:
1) Once you have a language, make sure you create some kind of logging capability if you don't have an IDE. With PHP, that comes from the error_log directive. In ASP.NET, you would theoretically be developing from Visual Studio, which has debugging. Most of the languages I know typically write their error logs to the server's error log, which is inconvenient, at best.
2) Once you actually start developing, I highly recommend starting with Firefox as your browser. Get the Firebug add-on. In overall usage, that add-on is second only to my text editor, and a close second, at that.
1) Once you have a language, make sure you create some kind of logging capability if you don't have an IDE. With PHP, that comes from the error_log directive. In ASP.NET, you would theoretically be developing from Visual Studio, which has debugging. Most of the languages I know typically write their error logs to the server's error log, which is inconvenient, at best.
2) Once you actually start developing, I highly recommend starting with Firefox as your browser. Get the Firebug add-on. In overall usage, that add-on is second only to my text editor, and a close second, at that.
ASKER
Thanks again Routinet
This gives me a start.
Given what you have said - I think it would be best for me to make a start by setting up a content download facility (for non-critical content) - like most people I learn best by doing.
I am still not entirely clear on where critical content should reside - am I right in thinking that if I hold it on the hosting server - but in a folder that is not under any site root - then it will be secure from general web access?
Also - your comment:
" BTW, that is exactly how a file download works also...it's just that file downloads typically come with a content-type header indicating a download, as opposed to, say, text/html, which indicates content a browser will render."
Can you say any more about this? perhaps point me at an example somewhere?
I am pretty competent at coding using vb.net (and c# although I prefer verbose rather than terse languages) and I use Visual Studio every day so it might be best to think in terms of asp.net for server side programming - but would there be any benefit in learning PHP as well??
This gives me a start.
Given what you have said - I think it would be best for me to make a start by setting up a content download facility (for non-critical content) - like most people I learn best by doing.
I am still not entirely clear on where critical content should reside - am I right in thinking that if I hold it on the hosting server - but in a folder that is not under any site root - then it will be secure from general web access?
Also - your comment:
" BTW, that is exactly how a file download works also...it's just that file downloads typically come with a content-type header indicating a download, as opposed to, say, text/html, which indicates content a browser will render."
Can you say any more about this? perhaps point me at an example somewhere?
I am pretty competent at coding using vb.net (and c# although I prefer verbose rather than terse languages) and I use Visual Studio every day so it might be best to think in terms of asp.net for server side programming - but would there be any benefit in learning PHP as well??
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Very happy with the help given
ASKER
Many thanks Routinet - wish me luck
Absolutely good luck to you, and don't hesitate to come back when you hit the inevitable roadblock. I'm not the person to ask about ASP.NET, but there are plenty of other experts here for that topic.
The basics are...well...basic. You need some kind of cart - either commercial, third-party, or home-grown. Ideally, you'll want to process credit cards, which means signing up with a processor such as Authorize.net. Make sure the cart can talk to the processor properly.
All of your content should be in a place not accessible from the web. Whether that is on your servers or somewhere in the cloud, it needs to be accessible only from your application. When a customer makes a purchase, you'll have a record of that via the cart. The actual download should check that record, verify the content being requested, and serve it through a proxy download. The free stuff could work within that system, or you could just put it in a more "practical" place available for normal download.
Questions?