I created a form using the forms handler. This form is for downloading a FREE book from a library directory on my host's server. It is set up to send a reply email back to me via SafeMailer.pl (a cgi script that discourages spamming). The book downloads directly to the customers browser.

Issue #1 The form is set up as, action= http://my site/book_name. Right now, anyone can get that book by imputing the -url and the book name- directly without using the form... as long as they know the name of the book. How can I set this up so the book is accessed via the form only. (If they never saw the url path to the book, this would be great!)

Issue #2 When a customer fills out the form (name and email address) this is sent as non secure (http), so anyone could get this information, right? Can I set up https for this whole page or just in the form "action="... Is https necessary...or, is http safe in this case? There is no banking or $ involved here.

Would using https resolve both issues?