Is there a way to tell browsers to disable the "run" button when downloading an EXE?

Question

It may be convenient for some of the unlimited bandwidth types to let your users continually download your product and continually forget where they put it and redownload it. But perception of scarcity of is the beginning of wisdom as the bail bondsman said to the coroner as he brought in the week's catch in a two meter gunny sack and I'd like to save us the trouble.

Here's what I'm doing in PHP

header("MIME-Version: 1.0");
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: post-check=0, pre-check=0");
header("Content-type: application/octet-stream");
header('Content-Length: ' . $filesize);
header('Content-Disposition: attachment; filename="' . basename($filename).'"');
header("Content-Transfer-Encoding: binary");
readfile($filename);

Is there another line I could add that would magically confuse all browsers into thinking there is no way any operating system could possibly do anything with this lump of bytes except place it in some secure location for its master to fiddle with at his or her leisure?

Answer 1

As far as I know, no, there is not. File downloads are handled by the browser and it gives the options as it sees fit. You may be able to do this with a custom app in Java or Flash, but I am not 100% on that as the browser still may trump that app when it prompts for a download.

Alternatively, you could have the users download the file via an anonymous FTP account, but that requires the user to understand how to use an FTP Client and requires an FTP Client on their machine for the popup dialog to not show up.

Answer 2

If they have user accounts, one solutions is to simply limit the number of downloads they are allowed to make per account. Another option might be to stick the .exe in a zip file so it cant simply be 'run'... though a browser may try to display contents in a temporary file anyways. You can also use an installer, if you arent already, and have the app configured that it just cant be 'run' from the browser, but must be properly installed. This way the icons/start menu entries are in place for the next use.

Answer 3

If you specify the mimetype of the file the browser will display what it should. For example a pdf will prompt to open in pdf viewer or save, images will open with image application or save as, etc.

Check this out:

$info = pathinfo($fileName); 
header('Content-Description: File Transfer');
header('Content-Type: '.Mimetypes::get($info['extension']));
header('Content-Disposition: attachment; filename=' . basename($fileName));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($fileName));

class Mimetypes{
/**
*   static isAllowed returns true for allowed extensions and false otherwise.
*   method is static thus allowing is to be called without construction/
*   instantiation of the object.  
*
*   @param string ext the file extension 
*   @return boolean true for allowed extension, false otherwise 
*
*/
public static function isAllowed($ext){
    $allowedFiletypes = array('jpg','gif','bmp','png', 'xls', 'doc', 'docx', 'txt', 'pdf'); // These will be the types of file that will pass the validation.
    if(in_array($ext, $allowedFiletypes)){
        return true;    
    }else{
        return false;
    }
}//end isAllowed($ext) 

/**
*   method get accepts an extension string as argument
*   and returns the mimetype for this given argument 
*   if an entry exists in the map of extensions to
*   mimetypes.  
*   if the extension is not defined function will return
*   empty string. 
*
*
*/
public static function get($ext){
    $map = array(
        '323'=>'text/h323',
        'acx'=>'application/internet-property-stream',
        'ai application/postscript',
        'aif'=>'audio/x-aiff',
        'aifc'=>'audio/x-aiff',
        'aiff'=>'audio/x-aiff',
        'asf'=>'video/x-ms-asf',
        'asr'=>'video/x-ms-asf',
        'asx'=>'video/x-ms-asf',
        'au'=>'audio/basic',
        'avi'=>'video/x-msvideo',
        'axs'=>'application/olescript',
        'bas'=>'text/plain',
        'bcpio'=>'application/x-bcpio',
        'bin'=>'application/octet-stream',
        'bmp'=>'image/bmp',
        'c'=>'text/plain',
        'cat'=>'application/vnd.ms-pkiseccat',
        'cdf'=>'application/x-cdf',
        'cer'=>'application/x-x509-ca-cert',
        'class'=>'application/octet-stream',
        'clp'=>'application/x-msclip',
        'cmx'=>'image/x-cmx',
        'cod'=>'image/cis-cod',
        'cpio'=>'application/x-cpio',
        'crd'=>'application/x-mscardfile',
        'crl'=>'application/pkix-crl',
        'crt'=>'application/x-x509-ca-cert',
        'csh'=>'application/x-csh',
        'css'=>'text/css',
        'dcr'=>'application/x-director',
        'der'=>'application/x-x509-ca-cert',
        'dir'=>'application/x-director',
        'dll'=>'application/x-msdownload',
        'dms'=>'application/octet-stream',
        'doc'=>'application/msword',
        'dot'=>'application/msword',
        'dvi'=>'application/x-dvi',
        'dxr'=>'application/x-director',
        'eps'=>'application/postscript',
        'etx'=>'text/x-setext',
        'evy'=>'application/envoy',
        'exe'=>'application/octet-stream',
        'fif'=>'application/fractals',
        'flr'=>'x-world/x-vrml',
        'gif'=>'image/gif',
        'gtar'=>'application/x-gtar',
        'gz'=>'application/x-gzip',
        'h'=>'text/plain',
        'hdf'=>'application/x-hdf',
        'hlp'=>'application/winhlp',
        'hqx'=>'application/mac-binhex40',
        'hta'=>'application/hta',
        'htc'=>'text/x-component',
        'htm'=>'text/html',
        'html'=>'text/html',
        'htt'=>'text/webviewhtml',
        'ico'=>'image/x-icon',
        'ief'=>'image/ief',
        'iii'=>'application/x-iphone',
        'ins'=>'application/x-internet-signup',
        'isp'=>'application/x-internet-signup',
        'jfif'=>'image/pipeg',
        'jpe'=>'image/jpeg',
        'jpeg'=>'image/jpeg',
        'jpg'=>'image/jpeg',
        'js'=>'application/x-javascript',
        'latex'=>'application/x-latex',
        'lha'=>'application/octet-stream',
        'lsf'=>'/x-la-asf',
        'lsx'=>'video/x-la-asf',
        'lzh'=>'application/octet-stream',
        'm13'=>'application/x-msmediaview',
        'm14'=>'application/x-msmediaview',
        'm3u'=>'audio/x-mpegurl',
        'man'=>'application/x-troff-man',
        'mdb'=>'application/x-msaccess',
        'me'=>'application/x-troff-me',
        'mht'=>'message/rfc822',
        'mhtml'=>'message/rfc822',
        'mid'=>'audio/mid',
        'mny'=>'application/x-msmoney',
        'mov'=>'video/quicktime',
        'movie'=>'video/x-sgi-movie',
        'mp2'=>'video/mpeg',
        'mp3'=>'audio/mpeg',
        'mpa'=>'video/mpeg',
        'mpe'=>'video/mpeg',
        'mpeg'=>'video/mpeg',
        'mpg'=>'video/mpeg',
        'mpp'=>'application/vnd.ms-project',
        'mpv2'=>'video/mpeg',
        'ms'=>'application/x-troff-ms',
        'mvb'=>'application/x-msmediaview',
        'nws'=>'message/rfc822',
        'oda'=>'application/oda',
        'p10'=>'application/pkcs10',
        'p12'=>'application/x-pkcs12',
        'p7b'=>'application/x-pkcs7-certificates',
        'p7c'=>'application/x-pkcs7-mime',
        'p7m'=>'application/x-pkcs7-mime',
        'p7r'=>'application/x-pkcs7-certreqresp',
        'p7s'=>'application/x-pkcs7-signature',
        'pbm'=>'image/x-portable-bitmap',
        'pdf'=>'application/pdf',
        'pfx'=>'application/x-pkcs12',
        'pgm'=>'image/x-portable-graymap',
        'pko'=>'application/ynd.ms-pkipko',
        'pma'=>'application/x-perfmon',
        'pmc'=>'application/x-perfmon',
        'pml'=>'application/x-perfmon',
        'pmr'=>'application/x-perfmon',
        'pmw'=>'application/x-perfmon',
        'png'=>'image/png',
        'pnm'=>'image/x-portable-anymap',
        'pot'=>'application/vnd.ms-powerpoint',
        'ppm'=>'image/x-portable-pixmap',
        'pps'=>'application/vnd.ms-powerpoint',
        'ppt'=>'application/vnd.ms-powerpoint',
        'prf'=>'application/pics-rules',
        'ps'=>'application/postscript',
        'pub'=>'application/x-mspublisher',
        'qt'=>'video/quicktime',
        'ra'=>'audio/x-pn-realaudio',
        'ram'=>'audio/x-pn-realaudio',
        'ras'=>'image/x-cmu-raster',
        'rgb'=>'image/x-rgb',
        'rmi'=>'audio/mid',
        'roff'=>'application/x-troff',
        'rtf'=>'application/rtf',
        'rtx'=>'text/richtext',
        'scd'=>'application/x-msschedule',
        'sct'=>'text/scriptlet',
        'setpay'=>'application/set-payment-initiation',
        'setreg'=>'application/set-registration-initiation',
        'sh'=>'application/x-sh',
        'shar'=>'application/x-shar',
        'sit'=>'application/x-stuffit',
        'snd'=>'audio/basic',
        'spc'=>'application/x-pkcs7-certificates',
        'spl'=>'application/futuresplash',
        'src'=>'application/x-wais-source',
        'sst'=>'application/vnd.ms-pkicertstore',
        'stl'=>'application/vnd.ms-pkistl',
        'stm'=>'text/html',
        'svg'=>'image/svg+xml',
        'sv4cpio'=>'application/x-sv4cpio',
        'sv4crc'=>'application/x-sv4crc',
        'swf'=>'application/x-shockwave-flash',
        't'=>'application/x-troff',
        'tar'=>'application/x-tar',
        'tcl'=>'application/x-tcl',
        'tex'=>'application/x-tex',
        'texi'=>'application/x-texinfo',
        'texinfo'=>'application/x-texinfo',
        'tgz'=>'application/x-compressed',
        'tif'=>'image/tiff',
        'tiff'=>'image/tiff',
        'tr'=>'application/x-troff',
        'trm'=>'application/x-msterminal',
        'tsv'=>'text/tab-separated-values',
        'txt'=>'text/plain',
        'uls'=>'text/iuls',
        'ustar'=>'application/x-ustar',
        'vcf'=>'text/x-vcard',
        'vrml'=>'x-world/x-vrml',
        'wav'=>'audio/x-wav',
        'wcm'=>'application/vnd.ms-works',
        'wdb'=>'application/vnd.ms-works',
        'wks'=>'application/vnd.ms-works',
        'wmf'=>'application/x-msmetafile',
        'wps'=>'application/vnd.ms-works',
        'wri'=>'application/x-mswrite',
        'wrl'=>'x-world/x-vrml',
        'wrz'=>'x-world/x-vrml',
        'xaf'=>'x-world/x-vrml',
        'xbm'=>'image/x-xbitmap',
        'xla'=>'application/vnd.ms-excel',
        'xlc'=>'application/vnd.ms-excel',
        'xlm'=>'application/vnd.ms-excel',
        'xls'=>'application/vnd.ms-excel',
        'xlt'=>'application/vnd.ms-excel',
        'xlw'=>'application/vnd.ms-excel',
        'xof'=>'x-world/x-vrml',
        'xpm'=>'image/x-xpixmap',
        'xwd'=>'image/x-xwindowdump',
        'z'=>'application/x-compress',
        'zip'=>'application/zip'
    ); 

    if(array_key_exists($ext, $map)){
        return $map[$ext]; 
    }else{
        return "";
    }//end if(array_key_exists($ext, $map)) | else
}//end get($ext) 
}//end class Mimetypes