Jump to content

Can you protect a PHP page from others?


SaranacLake

Recommended Posts

Hi.  I am working on a website that sells online subscriptions to premium content.  On the low end this includes articles, and on the high end guides and books.

In the back of my mind I had always planned on putting this content into MySQL for safe keeping, but in the last day or so it has occurred to me that putting an entire book into MySQL could be cumbersome at best?!

Which leads to this question...

Can you easily protect a PHP page from unauthorized users and outsiders?

My original desire to put things in MySQL was driven much more by security than any of the more obvious reasons you'd use a database.

I will be putting articles into MySQL, but the more I think about it, trying to put a 500 or 1,000 page book into MySQL could be difficult at best.

For articles, I simple have a PHP page that loads up the article from MySQL and first checks that the logged in user has the proper access rights - meaning they are a paid subscriber - before allowing the article to load.

I could do that with a guide or book, but the question becomes, "How do you put even 500 pages into a database table and easily access it?"

What do you think?

 

 

Link to comment
Share on other sites

11 minutes ago, SaranacLake said:

Can you easily protect a PHP page from unauthorized users and outsiders?

You had to log in to post this thread, didn't you?

11 minutes ago, SaranacLake said:

My original desire to put things in MySQL was driven much more by security than any of the more obvious reasons you'd use a database.

Probably not a good sign.

11 minutes ago, SaranacLake said:

What do you think?

If it was as simple as offering PDF downloads then don't bother with the database. But PDFs, and most other file types you might allow, don't do one very important thing: let you access the content directly. You must figure out exactly what the website needs to offer, both now and in the foreseeable future. If you wanted to sell downloads then that's one (easy) thing, but if you wanted to provide searching or previews or online reading then that's another (not as easy) thing.

A database can be an answer to a problem, but only if you understand what the problem itself is first.

Link to comment
Share on other sites

1 hour ago, requinix said:

You had to log in to post this thread, didn't you?

Yeah, but I figured it would be harder to hack the database than my php script.  I dunno - just trying to be secure.

 

1 hour ago, requinix said:

Probably not a good sign.

How so?

 

1 hour ago, requinix said:

If it was as simple as offering PDF downloads then don't bother with the database. But PDFs, and most other file types you might allow, don't do one very important thing: let you access the content directly. You must figure out exactly what the website needs to offer, both now and in the foreseeable future. If you wanted to sell downloads then that's one (easy) thing, but if you wanted to provide searching or previews or online reading then that's another (not as easy) thing.

A database can be an answer to a problem, but only if you understand what the problem itself is first.

My website sells content including articles, books and guides.  The books and guides are online content that you would access by logging in to the website after you pay for them.  No eBooks or PDFs at this time.

Articles on my website are already database driven.

I always assumed that I would do the same for books and guides and am getting ready to code that part of my website.  But in preparing to do so, it occurred to me that trying to serve up a 600 page book from a database is NOT the same as serving up a 5 page article!

For articles, I have a PHP page which serves as a page template and then populate the actual article by grabbing it from the database.  The article itself has already been marked up in HTML so it is plug and play.

I guess I could break up my book by chapters, but I'm not sure if a 30-40 page chapter would fit into a MySQL record.

 

Link to comment
Share on other sites

Hi SaranacLake,

Here is an idea you.

But first I want to tell you that, while I have written quite a bit of PHP code, I do NOT consider myself a PHP expert. On the other hand there are many individuals on this site who ARE experts.

I have written and offered content articles and books for quite a few years (15+). Mostly I used clickbank to accomplish the transaction. then the user would be routed to a DL page. Problem I ran into, again and again was that people would get the PDF book, then immediately ask clickbank for a refund - and get it.

So I switched to print-on-demand paperbacks.

Anyway, how about after the customer pays for a book, you generate a random number, and give it to them as a password for the your DL page. You can activate that PW behind the scenes and time-limit it so 2 hours later it does not work.

Would something like that work?

Also ......

You keep saying "security". Are you concerned that someone gets FTP access to your site and can DL anything?

Hope that never happens.

Best,

xphp

 

 

 

 

Link to comment
Share on other sites

44 minutes ago, xphp said:

Hi SaranacLake,

Here is an idea you.

But first I want to tell you that, while I have written quite a bit of PHP code, I do NOT consider myself a PHP expert. On the other hand there are many individuals on this site who ARE experts.

I have written and offered content articles and books for quite a few years (15+). Mostly I used clickbank to accomplish the transaction. then the user would be routed to a DL page. Problem I ran into, again and again was that people would get the PDF book, then immediately ask clickbank for a refund - and get it.

So I switched to print-on-demand paperbacks.

Not sure what DL is.

I decided on having online books for now because I am too paranoid about piracy of PDFs and eBooks, and print books are not profitable.

When a person purchases an online book from me, they will be given access to that online book via my website each time they log in.  I'm sure some people might try sharing their credentials with friends, but I have ways to identify that and take action as necessary.  I am not offer refunds, so once people buy the book, they own it.

 

44 minutes ago, xphp said:

Anyway, how about after the customer pays for a book, you generate a random number, and give it to them as a password for the your DL page. You can activate that PW behind the scenes and time-limit it so 2 hours later it does not work.

Would something like that work?

Not sure I follow what that accomplishes?

The way I have things designed, you can either buy a subscription and then get access to to all articles via your account.  In addition, you can buy an online book, and you are buying access to that single book in perpetuity.  But to read the book, you'll have to log in each time.  Just like you'd have to log in to read some other premium content on another website.

 

 

44 minutes ago, xphp said:

Also ......

You keep saying "security". Are you concerned that someone gets FTP access to your site and can DL anything?

Hope that never happens.

Best,

xphp

I just wasn't sure how hard/easy it might be for someone to circumvent the log in process.

If I have a book as a file out on my webserver, I am afraid that there may be lots of ways to get to that article and bypass my website and logging in.

i was thinking that if the book is served up from MySQL, then that might be harder to get to, because you would definitely have to be logged in and have access to the book in the database in order to view it.

Make sense?

 

Link to comment
Share on other sites

1 hour ago, xphp said:

I have written and offered content articles and books for quite a few years (15+). Mostly I used clickbank to accomplish the transaction. then the user would be routed to a DL page. Problem I ran into, again and again was that people would get the PDF book, then immediately ask clickbank for a refund - and get it.

If it's anything like credit card chargebacks then I feel bad for you, but it's an issue with the vendor. They need to provide a way for you to challenge refund requests, and you do so by recording downloads.

The user pays and gets the file, and when you serve the download you record that: date, file, user account, IP address, etc. When your processor notifies you of a refund, you fight back by showing them that the user received the service they paid for, then hope that the vendor accepts it and denies the refund.

Link to comment
Share on other sites

Thanks requinix,

Yes, I get what you say.

Clickbank has motto of "no questions asked" refund.

They do that because folks who sell "how to make money on the Internet" often badly oversell their wares and clickbank wants them to easily get refunds.

Thanks for responding.

I have been on this site for 1 day, and I love it already.

Best,

xphp

 

Link to comment
Share on other sites

19 minutes ago, requinix said:

If it's anything like credit card chargebacks then I feel bad for you, but it's an issue with the vendor. They need to provide a way for you to challenge refund requests, and you do so by recording downloads.

The user pays and gets the file, and when you serve the download you record that: date, file, user account, IP address, etc. When your processor notifies you of a refund, you fight back by showing them that the user received the service they paid for, then hope that the vendor accepts it and denies the refund.

Sorry .....  DL means Download !

Link to comment
Share on other sites

17 hours ago, SaranacLake said:

I decided on having online books for now because I am too paranoid about piracy of PDFs and eBooks, and print books are not profitable.

When a person purchases an online book from me, they will be given access to that online book via my website each time they log in.  I'm sure some people might try sharing their credentials with friends, but I have ways to identify that and take action as necessary.  I am not offer refunds, so once people buy the book, they own it.

And what is to stop someone from saving the content displayed in the webpage and sharing that just as they would with a PDF? Heck, the user can just "print" the web page to a file (PDF, HTML, etc.). Anything that is viewed on a webpage can be copied (even if you try to implement some javascript hacks - which you should NOT do). Storing the content in a database does nothing to prevent this type of tampering either.

Regardless of whatever method used to deliver your content (PDF or HTML) - it doesn't matter. I think your concern is about people directly accessing the content. That is easy to control - don't put the files in publicly accessible areas! Put them in a directory that is outside of the public folders. Your PHP files when being processed will be able to access the files, but a user could not access them through a URL. After you validate that the user can view a particular resource) just include the file in the output. That will prevent unauthorized access to the content from your web server. But, as stated previously, once you present content to a user, there is really nothing you can do to prevent them from copying/saving the content.

  • Like 1
Link to comment
Share on other sites

3 hours ago, Psycho said:

And what is to stop someone from saving the content displayed in the webpage and sharing that just as they would with a PDF?

Valid point, but it is much easier to download and share a PDF - which is a single file - versus a webpage with stylesheets and remote images and so on.

But, yes, anything you see can ultimately be stolen.  *sigh*

 

3 hours ago, Psycho said:

Heck, the user can just "print" the web page to a file (PDF, HTML, etc.). Anything that is viewed on a webpage can be copied (even if you try to implement some javascript hacks - which you should NOT do). Storing the content in a database does nothing to prevent this type of tampering either.

I don't disagree, but when I started this thread I was thinking more from the standpoint that maybe it is easier to navigate to webpages that you shouldn't have access to than to something stored in a database.

Since I always assumed that I would store my book in the database, I wasn't prepared on how to do it as a file.

So how exactly would I want to go about presenting a book that only paid users could see?

If I didn't use the database, I guess here is the approach iwould take...

- Take my formatted book from LibreOffice and convert it to a web page, or series of web pages, using HTML/CSS/etc.

- Embed that HTML inside a .php page.

- At the top of my script, have a function that compares the user's user_id against an entitlement table to see if they have access to the book.

- If yes, display the book/page.

- If not, display a message stating they need to purchase access.

Is that secure enough, or are there other measures that I could take to prevent unauthorized access?

 

 

3 hours ago, Psycho said:

Regardless of whatever method used to deliver your content (PDF or HTML) - it doesn't matter. I think your concern is about people directly accessing the content.

Yes, that was probably more of my concern in this thread.

 

3 hours ago, Psycho said:

 

That is easy to control - don't put the files in publicly accessible areas! Put them in a directory that is outside of the public folders. Your PHP files when being processed will be able to access the files, but a user could not access them through a URL. 

A-ha!  That is what I needed to hear. See, when my content was in the database, then I didn't have to worry about people accidentally navigating to it, and thus why I thought it was maybe more secure?

So I have an "outside-web-root" directory, and you are saying that I'd simply put my books there?

 

3 hours ago, Psycho said:

After you validate that the user can view a particular resource) just include the file in the output. That will prevent unauthorized access to the content from your web server. But, as stated previously, once you present content to a user, there is really nothing you can do to prevent them from copying/saving the content.

So do you just accept that fact, and move on?

Am I being too paranoid about people stealing my books and guides?

Also, would there be any benefits to storing books/guides in MySQL?  (I am dong it now for articles, and it seems so much easier to manage hundreds or thousands of articles in the database then a series of loose files!)

 

 

 

Link to comment
Share on other sites

28 minutes ago, SaranacLake said:

Valid point, but it is much easier to download and share a PDF - which is a single file - versus a webpage with stylesheets and remote images and so on.

Or I could just use the Print option and print the web page to a PDF file! In this case the decision on "HOW" to store the content is irrelevant from a security concern. Determien the best format based on the best delivery method for the user. Since the intent is not for the user to download for later use, then PDF is probably not the option. But, if I was a user on your site I would think it is pretty stupid that I can't download the content I paid for to read when it is convenient for me (i.e. on a plane for example). But, you just need to decide what makes sense for you. The security is irrelevant because each method can be adequately 'protected' from direct access: Static HTML, Dynamic HTML (from database) or PDF files. It just doesn't matter.

Quote

 

So how exactly would I want to go about presenting a book that only paid users could see?

If I didn't use the database, I guess here is the approach iwould take...

- Take my formatted book from LibreOffice and convert it to a web page, or series of web pages, using HTML/CSS/etc.

- Embed that HTML inside a .php page.

- At the top of my script, have a function that compares the user's user_id against an entitlement table to see if they have access to the book.

- If yes, display the book/page.

- If not, display a message stating they need to purchase access.

 

If you take this approach the Chapters/sections should just be the raw HTML markup. They should all use a common stylesheet. Here is a very generic example.

User goes to a url such as getbook.php?bookid=3&chapter=5 (a chapter/section id is only needed if the book is split up).

<?php

$bookId = intval($_GET['bookid']);
$chapter = intval($_GET['chapter']);

if (user has permission to $bookId)
{
    //Define path to the content
    $bookContent = "/my_secured_directory/{$bookId}/{$_GET['chapter']}.htm";
}
else
{
    //Error condition - redirect user to an error page
}
?>
<html>
<head>
//Include common stylsheet
</head>
<body>

//HTML that comes before the book output

<div id="book_content">
<?php include($bookContent); ?>
</div>

//HTML that comes before the book output

</body>
</html>

 

Edited by Psycho
  • Like 1
Link to comment
Share on other sites

3 minutes ago, Psycho said:

Or I could just use the Print option and print the web page to a PDF file!

True.  *sigh*

 

3 minutes ago, Psycho said:

In this case the decision on "HOW" to store the content is irrelevant from a security concern. Determine the best format based on the best delivery method for the user. Since the intent is not for the user to download for later use, then PDF is probably not the option. But, if I was a user on your site I would think it is pretty stupid that I can't download the content I paid for to read when it is convenient for me (i.e. on a plane for example).

You are not the first person to say this to me!!!

Okay, so help me to help you are a potential customer...

Offering eBooks is off of the table for the foreseeable future, because it requires me to learn quite a bit about creating eBooks plus it would require me to have to basically completely rewrite my book so the formatting works in that format.

I could offer PDF's in addition to my "online" books, because it would indeed give customers more of a sense of ownership, but I'd still likel to do all I can to lower the chances of piracy.

Any suggestions from either a business standpoint or a technical standpoint of how I could accomplish this and still allow people like you to have a copy of the book you bought with you?

 

 

3 minutes ago, Psycho said:

But, you just need to decide what makes sense for you. The security is irrelevant because each method can be adequately 'protected' from direct access: Static HTML, Dynamic HTML (from database) or PDF files. It just doesn't matter.

If you take this approach the Chapters/sections should just be the raw HTML markup. They should all use a common stylesheet. Here is a very generic example.

User goes to a url such as getbook.php?bookid=3&chapter=5 (a chapter/section id is only needed if the book is split up).


<?php

$bookId = intval($_GET['bookid']);
$chapter = intval($_GET['chapter']);

if (user has permission to $bookId)
{
    //Define path to the content
    $bookContent = "/my_secured_directory/{$bookId}/{$_GET['chapter']}.htm";
}
else
{
    //Error condition - redirect user to an error page
}
?>
<html>
<head>

</head>
<body>

//HTML that comes before the book output

<div id="book_content">
<?php include($bookContent); ?>
</div>

//HTML that comes before the book output

</body>
</html>

 

 

What I was thinking of doing is breaking my book up into chapters where each one would be a file.   So I guess we are talking about a similar approach.

 

On a side note, is there any benefit to putting my book into MySQL?  Even from a data management standpoint?

If so, what would be the best approach to take?  One of my books is nearly 1,000 pages long with tons of screenshots.  Not sure how to put that into MySQL in a practical way?  A chapter would be between 20-40 pages with images.  Not sure if there is a datatype to handle that?

 

Link to comment
Share on other sites

Users being able to download the book for offline reading is probably an important feature that could make/break sales, so it'd be a good idea to support it I think.  That also probably means providing  PDF's.

I'm not familiar with all the options, but I'm not sure there is much you can do to prevent someone from stealing a PDF.  I think adobe's reader supports some kind of DRM system but not sure.  Also not sure how that'd affect other readers.

The only thing you could really do I think is monitor the internet for copies of the PDF and submit take down requests when it's found.  I suspect you may be worrying about it more than you really need to.  In general people aren't that prone to stealing stuff.  Most people only resort to that kind of stuff if obtaining the item legally is made difficult (ie, too expensive, region locked, etc).  The most likely problem you'd have is just people sharing logins or the pdf among their friends/family, which is something you could probably do even less about.  If you could lock down the PDF in some way to a device or something, the user could just let their friend barrow their device.

Like with the security stuff, it's all a trade off.  This time between protecting your IP and ease of use.

4 hours ago, SaranacLake said:

On a side note, is there any benefit to putting my book into MySQL?  Even from a data management standpoint?

If you wanted to make them searchable, putting them in the database could help, but there are also other solutions for that.  As far as the contents of the books go I don't really see any compelling reason to go one way or the other.   It's kind of hard to provide much advice here without knowing more about what exactly your offering and in what way.  For example if you are going to go the route of PDF downloads your database could just consist of some metadata regarding the files for your site to use, then a location to the file on disk for downloading.  If you're going to go an HTML route with some templates, then storing the content in the DB may be easier and you could setup some kind of online editor where you could edit/create new content.

 

Link to comment
Share on other sites

30 minutes ago, kicken said:

Users being able to download the book for offline reading is probably an important feature that could make/break sales, so it'd be a good idea to support it I think.  That also probably means providing  PDF's.

I'm going to be 70 when I finally "go live" with this website...  😞

Backing up for a moment...

Does anyone here, see any value in having an "online" book, which would basically be a web page or a series of linked web pages making up a book?

The main reason I came up with this format is because for a technical book, I think reading things on a computer as a web page is superior to a PDF or a black & white eBook with no graphics.  (I have spoken with tons of people that can't imagine reading a book on anything other than a Kindle, but I think these people are the exception and likely fall into the trashy romance novel/fiction category.)

PDFs aren't too bad to read, but like I said earlier, my fear is it is much easier to pirate a single PDF file versus a 1,000 page book which might be spread across many web pages.  (And fwiw, @Psycho, there are ways to make it difficult to successfully PDF a web page if you want to be a jerk about it.  I know for a fact because it has taken me forever figuring out how to do WYSIWYG captures from sites like the New York Times!)

 

30 minutes ago, kicken said:

I'm not familiar with all the options, but I'm not sure there is much you can do to prevent someone from stealing a PDF.  I think adobe's reader supports some kind of DRM system but not sure.  Also not sure how that'd affect other readers.

A lot of non-technical people I have spoken to on this topic basically have told me to "Get over piracy.  Accept that it exists.  And focus on making $$$ by creating useful content."

What do you think about that topic?

 

 

30 minutes ago, kicken said:

The only thing you could really do I think is monitor the internet for copies of the PDF and submit take down requests when it's found.  I suspect you may be worrying about it more than you really need to.  In general people aren't that prone to stealing stuff.  Most people only resort to that kind of stuff if obtaining the item legally is made difficult (ie, too expensive, region locked, etc).  The most likely problem you'd have is just people sharing logins or the pdf among their friends/family, which is something you could probably do even less about.  If you could lock down the PDF in some way to a device or something, the user could just let their friend barrow their device.

Like with the security stuff, it's all a trade off.  This time between protecting your IP and ease of use.

True.

Fwiw, I don't want to make it "impossible" - just difficult enough that most people wouldn't bother.

 

30 minutes ago, kicken said:

If you wanted to make them searchable, putting them in the database could help, but there are also other solutions for that.  As far as the contents of the books go I don't really see any compelling reason to go one way or the other.   It's kind of hard to provide much advice here without knowing more about what exactly your offering and in what way.  For example if you are going to go the route of PDF downloads your database could just consist of some metadata regarding the files for your site to use, then a location to the file on disk for downloading.  If you're going to go an HTML route with some templates, then storing the content in the DB may be easier and you could setup some kind of online editor where you could edit/create new content.

Let's work backwards...

I wrote a 30 chapter 1,000 page IT/business book.  It has lots of formatting for readability and lots of screenshots.  Looks like most books you'd find in the computer section at Barnes & Noble.

I soon realized that have one PHP web page that is 1,000 pages/screens long would be a problem - and enough to short out a mobile device!!  😁

So next I came up with the idea of have one PHP file be the book cover.  The next PHP file being the Table of Contents (TOC).  And then each chapter would be a separate PHP file, estimating each chapter is maybe 20-30 printed 8 1/2" x 11" pages.  Each of these book components would be hyperlinked so it'd be like surfing the Internet in the 90s when it was still innocent and without any ads.

To add to this, I figured I would do like I do for my articles now, and store the marked up chapters in MySQL and then serve them up to my PHP page template to create a finished product.  That works for articles that are maybe 1-5 pages, but I'm not sure that there is a MySQL datatype that would hold 30 pages of HTML/content.  And if not, then how do you logically break up that 30 pages of chapter text into record/columns?

So maybe using the database doesn't makes sense...

I guess if I followed @Psycho advice above, I could simply use my PHP page template to authenticate them and then load the content from a file located *outseide* of the web root.

If I wanted to also offer a PDF, would I use a similar approach but instead of loading the PDF, maybe just provide a link to the file?

 

Link to comment
Share on other sites

Let's assume each of your pages contains 50 lines of 80 characters, that is 4,000 characters per page (12,000 bytes if utf8). Also that the largest chapter is 50 pages. This would give a requirement for each chapter of 600,000 bytes. That's too big for a TEXT type column (max 65000) but a MEDIUMTEXT type would have no problems (with maximum capacity of 16,777,216‬)

Your maximum packet size is probably 4,194,304 which would constrain your chapters to a maximimum of around 340 pages (enough for some books).

Link to comment
Share on other sites

3 hours ago, SaranacLake said:

Does anyone here, see any value in having an "online" book, which would basically be a web page or a series of linked web pages making up a book?

I'd say it depends on the type of book.  For something like a technical reference that's marked up and linked properly then sure, online may be a better scenario as people would probably be less inclined to be reading start to finish and instead jumping around to the information they need or want.

For something more story/native that's intended to be read front to back in order, I'd gather most people would not be reading it on a PC.  Most readers I know either stick to physical books or their phones/e-readers.

3 hours ago, SaranacLake said:

A lot of non-technical people I have spoken to on this topic basically have told me to "Get over piracy.  Accept that it exists.  And focus on making $$$ by creating useful content."

I'm not trying to sell stuff, but that's my general point of view on things as well.  Most attempts at stopping piracy I've experienced are counter-productive.  They don't do a great job at preventing piracy (someone breaks it eventually, and usually in relatively short order), but limit your non-pirating customers severely.  For example pretty much nothing the movie industry has tried has worked for very long but their attempts prevent me from easily creating a digital copy of the movies I buy for use on my HTPC though, which is a perfectly legal and reasonable thing to do. 

In my opinion, the best way to try and tackle the problem would be to

1) Make sure your product is easy to acquire for those who want it (reasonably priced, no region locks, etc)

2) Monitor the web for pirated copies and respond appropriately when you find them.

 

  • Like 1
Link to comment
Share on other sites

Amazon offers an app that helps you to create an e-book from a Word document. My 70-year old dad has published and is now selling at least 2 e-books on Amazon right now using it. I can ask what exactly the name was if you don't feel like googling it yourself.

If you're determined, however, I'd agree with pretty much everybody on this thread - put the files outside the webroot and serve them only after you run your account verification. If the user is determined to steal something off your website, there are so many ways to do it that no anti-theft practice is going to stop them. Sorry.

Link to comment
Share on other sites

10 hours ago, Barand said:

Let's assume each of your pages contains 50 lines of 80 characters, that is 4,000 characters per page (12,000 bytes if utf8). Also that the largest chapter is 50 pages. This would give a requirement for each chapter of 600,000 bytes. That's too big for a TEXT type column (max 65000) but a MEDIUMTEXT type would have no problems (with maximum capacity of 16,777,216‬)

Your maximum packet size is probably 4,194,304 which would constrain your chapters to a maximimum of around 340 pages (enough for some books).

So I would be able to store up to 340 pages in a MEDIUMTEXT data type?

If so, does taking that approach even make sense - to put one chapter in one column-row?

 

 

Link to comment
Share on other sites

10 hours ago, kicken said:

I'd say it depends on the type of book.  For something like a technical reference that's marked up and linked properly then sure, online may be a better scenario as people would probably be less inclined to be reading start to finish and instead jumping around to the information they need or want.

For something more story/native that's intended to be read front to back in order, I'd gather most people would not be reading it on a PC.  Most readers I know either stick to physical books or their phones/e-readers.

I guess normal people don't snuggle up with their computers to read a good book, eh?  😁

 

 

10 hours ago, kicken said:

I'm not trying to sell stuff, but that's my general point of view on things as well.  Most attempts at stopping piracy I've experienced are counter-productive.  They don't do a great job at preventing piracy (someone breaks it eventually, and usually in relatively short order), but limit your non-pirating customers severely.  For example pretty much nothing the movie industry has tried has worked for very long but their attempts prevent me from easily creating a digital copy of the movies I buy for use on my HTPC though, which is a perfectly legal and reasonable thing to do. 

In my opinion, the best way to try and tackle the problem would be to

1) Make sure your product is easy to acquire for those who want it (reasonably priced, no region locks, etc)

2) Monitor the web for pirated copies and respond appropriately when you find them.

 

Sounds like pretty wise advice.  So maybe I need to spend less time worrying about people stealing from me and more time just trying to sell things?

 

Link to comment
Share on other sites

1 hour ago, SaranacLake said:

If so, does taking that approach even make sense - to put one chapter in one column-row?

I was giving you an option in response to your earlier comment, viz...

14 hours ago, SaranacLake said:

That works for articles that are maybe 1-5 pages, but I'm not sure that there is a MySQL datatype that would hold 30 pages of HTML/content. 

I wasn't neccessarily recommending that approach. It depends on how you want to serve up the content to the users. If they a reading online, you may decide to serve it up page by page, storing individual page records (TEXT column).

Alternatively, store each book in an offline zip file (each chapter being a separate file inside, maybe) and the user can download the whole zipped book.

Link to comment
Share on other sites

6 hours ago, maxxd said:

Amazon offers an app that helps you to create an e-book from a Word document. My 70-year old dad has published and is now selling at least 2 e-books on Amazon right now using it. I can ask what exactly the name was if you don't feel like googling it yourself.

Not claiming to be an expert in this area, but when I researched it in the past it isn't as easy as a lot of fiction writers made it sound (to create an eBook).

Why?

Because the things I produce rely heavily on the visual aspect of things versus just text on a page like some romance novel.  My books are so large because I rely a lot on screenshots and graphics to communicate ideas about business and computers.  Basically my books look more like college text books than some paperback novel.

I'm sure there is a way to convert what I have to an eBook, but I think it would require me to do lots of research and reformat things as well.  All of that will be v2.0 or later.  But I will bow to others here and say that, yeah, I should probably offer a PDF version of my books along with the linine version so people have a greater sense of ownership in what they have bought, and so that they can read things offline, like on a plane trip.

 

6 hours ago, maxxd said:

If you're determined, however, I'd agree with pretty much everybody on this thread - put the files outside the webroot and serve them only after you run your account verification. If the user is determined to steal something off your website, there are so many ways to do it that no anti-theft practice is going to stop them. Sorry.

So you see no real benefit in storing my books in MySQL?  If so, is that purely because you see no benefits of protecting my books from piracy, or are there other reasons?

Not saying I won't just create HTML books and store them outside the web root, but I still wonder if there aren't other benefits of putting my books into MySQL including:

- Everything is consolidated in one area

- Ability to closely tie content and metadata

- Ability to use SQL to pull up content

- Possibly making it easier for users to search the book for certain text?

 

 

Link to comment
Share on other sites

9 minutes ago, Barand said:

I was giving you an option in response to your earlier comment, viz...

I wasn't neccessarily recommending that approach. It depends on how you want to serve up the content to the users. If they a reading online, you may decide to serve it up page by page, storing individual page records (TEXT column).

Alternatively, store each book in an offline zip file (each chapter being a separate file inside, maybe) and the user can download the whole zipped book.

If the MEDIUMTEXT data type could handle up to 50 pages of text, then I could conceivably create a table like this...

	BOOK
	*********
	- id
	- metadata fields
	- chapter_no
	- chapter_title
	- chapter_content
	- footnotes
	

 

Then I could populate a page template in PHP with a given chapter at a time.  Not sure if that makes sense - just researching the different ways to put my books online, and the pros and cons of each way.

 

Link to comment
Share on other sites

Something like this, perhaps

    USER
    *********                                            BOOK
    - user_id           ---+                             *********
    - metadata fields      |                     +-----  - book_id           ------+
    - chapter_no           |                     |       - metadata fields         |
    - chapter_title        |                     |       - title                   |
    - chapter_content      |                     |       - author                  |
    - footnotes            |                     |       - preface                 |
                           |                     |                                 |
                           |                     |                                 |
                           |                     |                                 |
                           |     SUBSCRIPTION    |                                 |          CHAPTER
                           |     ***********     |                                 |          *********
                           +     - id            |                                 |          - chapter_id
                           +---< - user_id       |                                 +--------< - book_id
                                 - book_id  >----+                                            - metadata fields 
                                                                                              - chapter_no 
                                                                                              - chapter_title 
                                                                                              - chapter_content 
                                                                                              - footnotes

 

Link to comment
Share on other sites

It could absolutely work.

For me, though, I'm not sure it'd be worth the extra overhead. After all, now you have to devise and code a way to track what page a user is on when she "closes" the book both when the user is and is not connected to the internet (the user could start reading at home, then continue in the car on a trip or something). And I know I always want bookmarks when reading technical docs, let alone highlights and whatnot.

However, that's for me and my situation, which is obviously different than yours. I don't think you'll run into any major issues if you basically serialize your books into posts stored in a database, but as has been pointed out it's not really that great a boost to the security of the book itself. Could be a fun project to code, though 😁.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.