Well.... lets say they do something along these lines:

1. You go and click on a download link on the site

2. when a download request is triggerd, a script generates a download link wich links to a file outside webroot. In the form that its a script that picks up the file and then triggers a download window in the browser when clicked like "download.php?id=2323". When clicked it should check that the ID is still valid for download and then proceed with download or remove the link and then display an errror.

3. When a succesfull download is done the link will only survive for a set amount of time then "die" in other words become invalid.


Wich means that you make sure the script that generates a download link checks to see that the request comes from a script on your site and not from the outside. And make a check in the script that "picks up" the download.

Hope this thoughts are usefull.

Good Luck.

/EyeDentify

__________________
Of course the whole point of a doomsday machine, would have been lost if you keep it a secret.