Hi Nick,
Sorry, but I forgot to tell you that I can't use this exec neither
system commands because they are disabled for security precautions. So, Do
you have any other ideas on how can I do that?
Thanks for your help,
Petrus Bastos.
On Feb 17, 2008 5:15 AM, Nick Stinemates <nick@xxxxxxxxxxxxxx> wrote:
> Petrus Bastos wrote:
> > Hey folks,
> >
> > Do you know how can I create a protected zip file with password? Is
> > there anyway? I've search on the internet, but without success.
> >
> > Thank's in advance,
> > Petrus Bastos.
> >
> >
> The easiest way to accomplish this would be to write a wrapper function
> using the zip tool provided by (almost every) Linux distribution.
>
> <?php
>
> function zip($directory, $password, $saveAs) {
> return exec("zip -r $saveAs -P $password $directory";
> }
>
> print zip("/home/nick", "mypass", "/tmp/homebackup.zip");
>
> ?>
>
> Please note: the -P flag can be monitored on the local system so it is
> considered insecure.
> If you're going to be accepting input, you should also wrap your
> variables in escapeshellarg()
>
> http://us3.php.net/zip
> http://us.php.net/manual/en/function.exec.php
>
> from the zip manual entry
>
> THIS IS INSECURE! Many multi-user operating sys-tems
> provide ways for any user to see the current command line of any other
> user; even on stand-alone
> systems there is always the threat of over-the-shoulder peeking.
> Storing the plaintext password as
> part of a command line in an automated script is even worse. Whenever
> possible, use the non-echoing,
> interactive prompt to enter passwords. (And where security is truly
> important, use strong encryption
> such as Pretty Good Privacy instead of the relatively weak encryption
> provided by standard zipfile
> utilities.)
>
> ==================
> Nick Stinemates (nick@xxxxxxxxxxxxxx)
> http://nick.stinemates.org
>
> AIM: Nick Stinemates
> MSN: nickstinemates@xxxxxxxxxxx
> Yahoo: nickstinemates@xxxxxxxxx
> ==================
>
