How CARL Delivers Files Securely
When someone buys a digital product through CARL, they don't get a link to a file sitting in a public folder on your server. They get a time-limited, single-use download token that points to a delivery script. The file itself is stored outside your public document root and is completely inaccessible to anyone who hasn't completed a verified purchase. That's the foundation of how CARL handles secure file delivery.

Why Public URLs Are a Problem
The simplest way to deliver a digital file is to upload it to your server and share the URL. It's also the worst way. A URL that points directly to a file can be shared, indexed by search engines, discovered by scanners, or stumbled on by anyone who guesses the path. Once the URL is out, the file is out. You have no way to revoke access, no way to know who downloaded it, and no way to tie a download to a specific purchase.
CARL's delivery system eliminates that problem entirely by keeping the file off the public web and routing every download through a controlled access layer.

Where the Files Are Stored
Files you add to CARL's Downloads module are stored in a protected directory outside public_html/. A visitor browsing your site has no path to that directory. There's no URL that resolves to it, no way to request files from it directly, and no index that lists its contents. The files exist on your server but are invisible to the public web.
This is a straightforward application of a principle that applies to any sensitive server-side resource: if the public doesn't need direct access to it, it shouldn't be in the public directory. CARL enforces this automatically when you add a product. You upload the file through the admin panel, and CARL handles where it goes.

How Delivery Actually Works
When a purchase is confirmed, CARL generates a unique download token and attaches it to the buyer's purchase record. The buyer receives a download link containing that token. When they click it, the link hits CARL's delivery script, which checks the token against the database: is it valid, has it been used, has it expired? If the check passes, the script reads the file from its protected location and streams it to the buyer's browser. The file never moves to a public URL at any point in that process.
If someone tries to use an expired token, a used token, or a token that doesn't exist, the delivery script returns an error. The file doesn't move. There's nothing to intercept, share, or reuse.
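
The token check described above (valid, unused, unexpired), as an added example in Python that is not CARL's own code. The table layout, function names, SHA-256 hashing of stored tokens, and the caller-supplied lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import sqlite3
import time

# Hypothetical schema and names; the page does not show CARL's tables or script.
def open_store():
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE download_tokens ("
        " token_hash TEXT PRIMARY KEY, file_path TEXT NOT NULL,"
        " expires_at REAL NOT NULL, used INTEGER NOT NULL DEFAULT 0)"
    )
    return db

def _digest(token):
    # Assumption: store only a hash, so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()

def issue_token(db, file_path, ttl_seconds, now=None):
    """Called once a purchase is confirmed; returns the value placed in the link."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    db.execute(
        "INSERT INTO download_tokens (token_hash, file_path, expires_at)"
        " VALUES (?, ?, ?)",
        (_digest(token), file_path, now + ttl_seconds),
    )
    db.commit()
    return token

def redeem_token(db, token, now=None):
    """Return the protected file path exactly once, or None on any failure."""
    now = time.time() if now is None else now
    # One conditional UPDATE covers all three checks (exists, unused, unexpired)
    # and claims the token atomically, so two parallel requests cannot both win.
    cur = db.execute(
        "UPDATE download_tokens SET used = 1"
        " WHERE token_hash = ? AND used = 0 AND expires_at > ?",
        (_digest(token), now),
    )
    db.commit()
    if cur.rowcount != 1:
        return None  # same answer for unknown, used and expired tokens
    row = db.execute(
        "SELECT file_path FROM download_tokens WHERE token_hash = ?",
        (_digest(token),),
    ).fetchone()
    return row[0]
```

The delivery script would stream the returned path from the protected directory only when `redeem_token` returns a value, and answer every `None` with the same error.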

What This Means for Your Products
Secure delivery protects the value of what you're selling. A PDF guide, a software download, a template pack: these have value because access to them is controlled. CARL's delivery system keeps that control in place after the sale, not just before it. Buyers get what they paid for through a process that works cleanly and reliably. Everyone else gets nothing.
For a full picture of how the purchase-to-download flow fits together, see How selling digital downloads works in CARL.
