Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Password protection #86

Open
sargitcom opened this issue Aug 6, 2018 · 9 comments
Open

Password protection #86

sargitcom opened this issue Aug 6, 2018 · 9 comments
Labels
enhancement help wanted

Comments

@sargitcom
Copy link

Description of the problem

Can you add password protection to this library?

  • ZipStream-PHP version: newest
  • PHP version: 7.x
@NicolasCARPi
Copy link
Collaborator

Hello,

I think the priority here is to make a correctly working version 1.0.0 and then we'll see about adding such features. But thanks for the suggestion!

Cheers,
~Nico

@peter279k
Copy link
Contributor

Is there any updated comment?

I want to do this issue.

@NicolasCARPi
Copy link
Collaborator

I want to do this issue.

Please have a go at it!

@jeanpaze
Copy link

Any update on that? I'd really appreciate that feature as well.

I'm trying to use this lib but it did not work well in my case (with Nextcloud). Timeout issues due to memory usage - WIP issue though.

@NicolasCARPi
Copy link
Collaborator

@jeanpaze There has been no update on that. Unless someone starts working on it, there won't be any either.

@peter279k
Copy link
Contributor

@NicolasCARPi, @jeanpaze, in the past, I tried to use PHP read Zip stream to accomplish this issue.

But it's hard to implement this. I will try to use php-zip extension to accomplish this issue on other PHP Zip packages at my available time :).

@jeanpaze
Copy link

Hi @peter279k, I've seen a couple of messages from you in some other repos. We pretty much want the same feature.

I tried to mess around the code but as you said, it's hard and I don't have enough PHP skills for that, but please let me know if there is something I could help you with.

Cheers!

@NicolasCARPi
Copy link
Collaborator

While having a password protection feature in zip would be a good thing for sure, we can also think about alternatives. This is a must read: https://security.stackexchange.com/questions/35818/are-password-protected-zip-files-secure (TL;DR password protection is quite weak).

Maybe encrypting the resulting zip with a proper cipher and a library like https://github.com/defuse/php-encryption would be better. It depends what you want to achieve, is it confidentiality, authenticity or both? Using gpg could also be a solution.

@jeanpaze
Copy link

Good point @NicolasCARPi.

For context (in my case), I want to offer confidentiality for people that download files from my cloud server.

That said, I know that just password protection is not enough and should be encrypted as well but this lib automatically encrypts the zip when you set a password, as far as I could understand here (see setPassword function).

Someone mentioned this:

Encryption is done on the files not the container itself, so confidentiality & integrity are still granted for the files inside. The ZIP archive itself isn't password-protected, but the files inside are.

In theory, encrypting files inside a zip means that you'll have to set a password, correct?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@maennchen @NicolasCARPi @peter279k @jeanpaze @sargitcom