0

I hope that I have found the correct place to ask my question regarding unzipping files.

I would like to see if there is a way to restrict the locations available to the user to unzip a password protected zip file in order to ensure security of the contents of that file. I believe this is useful for security if there is a password protected zip file on a server, which can be set up to only allow unzipping capability to a local file location.

Obviously if the file is unzipped and placed onto the server in regular file format, the file is no longer secure.

Is there a way to do this that anyone is aware of?

chase

2 Answers

4

No. And this is never going to be possible, because the person unzipping the file can have total control of their machine.

As proven by the numerous failed DRM schemes, once you give code or data to someone, they can do what they want with it.

That's just how the world works :-)

Rory Alsop
0

Seems like an odd request, but one option might be to embed the ZIP in an executable and unzip it from there. This would allow you to check the current directory and determine if you want to extract the results from the executable.

That being said, once the files have been extracted the user can (and probably will if they want to) move the files wherever they want...

Abe Miessler
  • 2
    and an executable can be looked at and unpacked by common tools. So you'd have to encrypt. But then analysis could release the key....etc – Rory Alsop Nov 26 '13 at 19:12
  • 2
    It could be bypassed even more easily by unpacking wherever the executable wants and then moving the files somewhere else. I don't think there is any effective way to prevent users from getting the files into a different directory if they really want to, but if his goal really is `restricting locations for unzipping a zip file` this seems like the only real option. – Abe Miessler Nov 26 '13 at 19:25
  • Thank you for the answer, I like this as a workaround to the problem. We actually found that by sending a link (this is on dropbox) to the zip file, we can force the user to simply only download the file locally, and they do not have access to the server (dropbox). From there, we can have the zip file password protected, which gives a backup protection. – chase Nov 26 '13 at 20:54
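The wrapper idea from the second answer, sketched as an added example that is not part of the original posts: an extractor that carries the archive itself and refuses any destination outside one allowed directory tree. `ALLOWED_ROOT`, `guarded_extract`, `is_within` and the sample archive are hypothetical names and constructed data; the check only limits where this wrapper writes, and, as both answers point out, does nothing about what happens to the files afterwards.

```python
import io
import os
import tempfile
import zipfile

# Assumption: the only directory tree the wrapper agrees to extract into.
ALLOWED_ROOT = os.path.join(tempfile.gettempdir(), "allowed_extract_root")


def build_sample_archive() -> bytes:
    """Constructed sample standing in for the ZIP embedded in the wrapper."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", "constructed sample content\n")
    return buf.getvalue()


def is_within(root: str, candidate: str) -> bool:
    """True if candidate, after resolving symlinks and '..', lies under root."""
    root = os.path.realpath(root)
    candidate = os.path.realpath(candidate)
    return os.path.commonpath([root, candidate]) == root


def guarded_extract(archive: bytes, dest: str, allowed_root: str = ALLOWED_ROOT) -> list:
    """Extract only when dest is under allowed_root; return the written paths."""
    if not is_within(allowed_root, dest):
        raise PermissionError(f"refusing to extract outside {allowed_root}")
    os.makedirs(dest, exist_ok=True)
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)
            # Reject member names that would escape dest (e.g. '../x').
            if not is_within(dest, target):
                raise PermissionError(f"unsafe member name: {info.filename}")
            zf.extract(info, dest)
            written.append(os.path.realpath(target))
    return written


if __name__ == "__main__":
    print(guarded_extract(build_sample_archive(), os.path.join(ALLOWED_ROOT, "job1")))
```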