FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Unzip password-protected ZIP file in RAM?
Show: Today's Messages :: Unread Messages :: Show Polls :: Message Navigator
| Subscribe to topic | Bookmark topic 
Switch to threaded view of this topic Create a new topic Submit Reply
Unzip password-protected ZIP file in RAM? [message #183447] Fri, 25 October 2013 08:51 Go to next message
Gilles Ganault is currently offline  Gilles Ganault
Messages: 27
Registered: September 2010
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
Hello

This is a newbie question.

While travelling, I keep an .htaccess-protected text files with
e-mails/passwords, credit card numbers, etc.

To make it more secure, I was thinking of compressing the file as a
password-protected ZIP file, and access it through a PHP script that
would unzip it in RAM and display the contents, so that a clear text
version is no longer necessary.

What do you think? Can PHP do this?

It's 5.3.13 running on a hosted *nix server.

Thank you.
Re: Unzip password-protected ZIP file in RAM? [message #183449 is a reply to message #183447] Fri, 25 October 2013 12:37 Go to previous messageGo to next message
J.O. Aho is currently offline  J.O. Aho
Messages: 194
Registered: September 2010
Karma: 0
Senior Member
add to buddy list
ignore all messages by this user
On 25/10/13 14:51, Gilles wrote:
> Hello
>
> This is a newbie question.
>
> While travelling, I keep an .htaccess-protected text files with
> e-mails/passwords, credit card numbers, etc.
>
> To make it more secure, I was thinking of compressing the file as a
> password-protected ZIP file, and access it through a PHP script that
> would unzip it in RAM and display the contents, so that a clear text
> version is no longer necessary.
>
> What do you think? Can PHP do this?

zip files not that safe.

> It's 5.3.13 running on a hosted *nix server.

A shared sercer not that safe to store things on.



Would recommend you to think of using TrueCrypt, works on all major
operating systems and majority of cellphones. This would be outside the
scope of this user group.



--

//Aho
Re: Unzip password-protected ZIP file in RAM? [message #183450 is a reply to message #183447] Fri, 25 October 2013 13:18 Go to previous messageGo to next message
Robert Heller is currently offline  Robert Heller
Messages: 60
Registered: December 2010
Karma: 0
Member
add to buddy list
ignore all messages by this user
At Fri, 25 Oct 2013 14:51:38 +0200 Gilles <nospam(at)nospam(dot)com> wrote:

>
> Hello
>
> This is a newbie question.
>
> While travelling, I keep an .htaccess-protected text files with
> e-mails/passwords, credit card numbers, etc.

You really don't want to do this!

>
> To make it more secure, I was thinking of compressing the file as a
> password-protected ZIP file, and access it through a PHP script that
> would unzip it in RAM and display the contents, so that a clear text
> version is no longer necessary.

This probably not really much better.

>
> What do you think? Can PHP do this?
>
> It's 5.3.13 running on a hosted *nix server.
>
> Thank you.
>

--
Robert Heller -- 978-544-6933 / heller(at)deepsoft(dot)com
Deepwoods Software -- http://www.deepsoft.com/
() ascii ribbon campaign -- against html e-mail
/\ www.asciiribbon.org -- against proprietary attachments
Re: Unzip password-protected ZIP file in RAM? [message #183451 is a reply to message #183449] Fri, 25 October 2013 15:22 Go to previous messageGo to next message
Gilles Ganault is currently offline  Gilles Ganault
Messages: 27
Registered: September 2010
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
On Fri, 25 Oct 2013 18:37:36 +0200, "J.O. Aho" <user(at)example(dot)net>
wrote:
> Would recommend you to think of using TrueCrypt, works on all major
> operating systems and majority of cellphones. This would be outside the
> scope of this user group.

Thanks for the tip. So I'll just install Linux on an appliance and
keep it switched on while I travel.
Re: Unzip password-protected ZIP file in RAM? [message #183452 is a reply to message #183450] Fri, 25 October 2013 15:30 Go to previous messageGo to next message
The Natural Philosoph is currently offline  The Natural Philosoph
Messages: 993
Registered: September 2010
Karma: 0
Senior Member
add to buddy list
ignore all messages by this user
On 25/10/13 18:18, Robert Heller wrote:
> At Fri, 25 Oct 2013 14:51:38 +0200 Gilles <nospam(at)nospam(dot)com> wrote:
>
>>
>> Hello
>>
>> This is a newbie question.
>>
>> While travelling, I keep an .htaccess-protected text files with
>> e-mails/passwords, credit card numbers, etc.
>
> You really don't want to do this!

Indeed. te way I did this on a laptop which given where we were
operating was very vulnerable to theft, as to used a USB pen drive,
which was only inserted in the laptop when it was fully attended.

The data in the drive (it as a mySQL database) was encrypted using an
mysql encryption function -AES_ENCYPT('data','key') - and the key was in
the actual PHP code on the laptop hard drive.


that meant that the data was secure if the pen drive was lost, and the
computer didn't have the data on it anyway, although it had the means to
decrypt it.

what it did mean that the loss of other the pen drive or the laptop was
no big deal. the sort of thieves would be likely to be uninterested in
the data anyway, and it wouldn't look like 'windows' anyway so they
would probably wipe it.

The pen drive was formatted EXT2 IIRC so didn't read in a windows
machine anyway.

So it would take a criminal linux hacker to discover the data, which
wasn't named in an obvious way, and the laptop as well, or a knowledge
of what algo was in use, and a lot of patience to get the data back.

So that's what I would do: format a USB stick pen drive with a Linux
format (assuming you are using linux) and set up an instance of apache
on the lappie to serve internally via php the contents of an encrypted
DB on the USB stick pen drive.

Always remove the pen drive after use.



>
>>
>> To make it more secure, I was thinking of compressing the file as a
>> password-protected ZIP file, and access it through a PHP script that
>> would unzip it in RAM and display the contents, so that a clear text
>> version is no longer necessary.
>
> This probably not really much better.
>
>>
>> What do you think? Can PHP do this?
>>
>> It's 5.3.13 running on a hosted *nix server.
>>
>> Thank you.
>>
>


--
Ineptocracy

(in-ep-toc’-ra-cy) – a system of government where the least capable to
lead are elected by the least capable of producing, and where the
members of society least likely to sustain themselves or succeed, are
rewarded with goods and services paid for by the confiscated wealth of a
diminishing number of producers.
Re: Unzip password-protected ZIP file in RAM? [message #183453 is a reply to message #183452] Fri, 25 October 2013 15:53 Go to previous messageGo to next message
Gilles Ganault is currently offline  Gilles Ganault
Messages: 27
Registered: September 2010
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
On Fri, 25 Oct 2013 20:30:27 +0100, The Natural Philosopher
<tnp(at)invalid(dot)invalid> wrote:
> So that's what I would do: format a USB stick pen drive with a Linux
> format (assuming you are using linux) and set up an instance of apache
> on the lappie to serve internally via php the contents of an encrypted
> DB on the USB stick pen drive.

Thanks for the tip. USB sockets are usually off-limit in web cafés,
which is where I'd go if I lost my smartphone, but I'll check it out.
Re: Unzip password-protected ZIP file in RAM? [message #183514 is a reply to message #183453] Tue, 29 October 2013 15:01 Go to previous message
Arno Welzel is currently offline  Arno Welzel
Messages: 317
Registered: October 2011
Karma: 0
Senior Member
add to buddy list
ignore all messages by this user
Gilles, 2013-10-25 21:53:

> On Fri, 25 Oct 2013 20:30:27 +0100, The Natural Philosopher
> <tnp(at)invalid(dot)invalid> wrote:
>> So that's what I would do: format a USB stick pen drive with a Linux
>> format (assuming you are using linux) and set up an instance of apache
>> on the lappie to serve internally via php the contents of an encrypted
>> DB on the USB stick pen drive.
>
> Thanks for the tip. USB sockets are usually off-limit in web cafés,
> which is where I'd go if I lost my smartphone, but I'll check it out.

Maybe you want to have a look at the MCrypt functions:

<http://www.php.net/manual/en/book.mcrypt.php>



--
Arno Welzel
http://arnowelzel.de
http://de-rec-fahrrad.de
Quick Reply
Formatting Tools:   
  Switch to threaded view of this topic Create a new topic
Previous Topic: i have a idea and i want to make it work with just another video script "javs"
Next Topic: splitting list into columns
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Oct 19 12:20:41 EDT 2017

Total time taken to generate the page: 0.00708 seconds