can anyone talk me through the steps of making my server secure for the sale of downloads. I wont be able to afford the ssl to start with and I dont know how the cgi-bin works and help is much appriciated.
For the SSL encryption - you can do a self-signed certificate (but it will give warnings)... I actually understand your question other way - I guess you talk about how to secure the downloads from unauthorized downloading from external party. You can do "temporary" downloads for your users. You will have your downloadable file in a "secret" folder and name on your site. When somebody purchase and wants to download - you move the original file to temporary folder with temporary name and a cron job will be added to delete it after specified time period (long enough that you are 100% sure that the user can downloaded it)... Also few techniques are available to "hide" the actual location of the file (even the one with temporary name)... Go for it Use sessions, etc
You can set password protected directories and set temporary passwords for users. Or you can try using cookies or sessions to allow downloads at a limit.
Well, code your application with PHP. It's easy, and secure. Use Base64 encoding, following an MD5 hash algorithm. Additionally, if it's via a form, make sure you sanitize the input before you display it. Anything in-depth I can assist you with a simple PM, good luck.