Petrus Bastos wrote:
> Hi Nick,
>
> Sorry, but I forgot to tell you that I can't use this exec neither
> system commands because they are disabled for security precautions. So, Do
> you have any other ideas on how can I do that?
>
> Thanks for your help,
> Petrus Bastos.
>
> On Feb 17, 2008 5:15 AM, Nick Stinemates <nick@xxxxxxxxxxxxxx> wrote:
>
>
>> Petrus Bastos wrote:
>>
>>> Hey folks,
>>>
>>> Do you know how can I create a protected zip file with password? Is
>>> there anyway? I've search on the internet, but without success.
>>>
>>> Thank's in advance,
>>> Petrus Bastos.
>>>
>>>
>>>
>> The easiest way to accomplish this would be to write a wrapper function
>> using the zip tool provided by (almost every) Linux distribution.
>>
>> <?php
>>
>> function zip($directory, $password, $saveAs) {
>> return exec("zip -r $saveAs -P $password $directory";
>> }
>>
>> print zip("/home/nick", "mypass", "/tmp/homebackup.zip");
>>
>> ?>
>>
>> Please note: the -P flag can be monitored on the local system so it is
>> considered insecure.
>> If you're going to be accepting input, you should also wrap your
>> variables in escapeshellarg()
>>
>> http://us3.php.net/zip
>> http://us.php.net/manual/en/function.exec.php
>>
>> from the zip manual entry
>>
>> THIS IS INSECURE! Many multi-user operating sys-tems
>> provide ways for any user to see the current command line of any other
>> user; even on stand-alone
>> systems there is always the threat of over-the-shoulder peeking.
>> Storing the plaintext password as
>> part of a command line in an automated script is even worse. Whenever
>> possible, use the non-echoing,
>> interactive prompt to enter passwords. (And where security is truly
>> important, use strong encryption
>> such as Pretty Good Privacy instead of the relatively weak encryption
>> provided by standard zipfile
>> utilities.)
>>
>> ==================
>> Nick Stinemates (nick@xxxxxxxxxxxxxx)
>> http://nick.stinemates.org
>>
>> AIM: Nick Stinemates
>> MSN: nickstinemates@xxxxxxxxxxx
>> Yahoo: nickstinemates@xxxxxxxxx
>> ==================
>>
>>
>
>
Unfortunately I don't have any other ideas. Since PHP's implementation
of ZIP does not have password features you're left with the following
options:
* Write your own implementation based on RFC
* Write an interface to another app which can zip the file for you
* Something else I can't think of ;x
Sorry I don't have any other ideas.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
