It is the final executable that must be signed (not the zip file). I can provide code to validate the signature - it's neither huge nor complex. In theory, it should be possible to sign zip files by placing the signature directly before the central directory, however, I have never seen this suggested and it is not an accepted standard. -- James Turner ---- RPeters <rpeters@xxxxxxxxxxxxx> wrote: > james.d.h.turner@xxxxxxxxxxxx wrote: > > Alternative security possibilities that could be considered > > > > 1) Allow autorun when extracting to temp directory > > 2) Allow autorun when digitally signed > > > > -- James Turner > > > > ----------- > > To unsubscribe from this list, send an empty e-mail > > message to: > > delphizip-request@xxxxxxxxxxxxx > > and put the word unsubscribe in the subject. > > > Thanks - the first looks like a reasonable (easy/small to implement) > compromise. > In theory Vista+ should take care of the second but the problem will be > how to sign it - the zip format is not very friendly to signing or would > signing the stub/loader work. > Russell Peters > ----------- > To unsubscribe from this list, send an empty e-mail > message to: > delphizip-request@xxxxxxxxxxxxx > and put the word unsubscribe in the subject. ----------- To unsubscribe from this list, send an empty e-mail message to: delphizip-request@xxxxxxxxxxxxx and put the word unsubscribe in the subject.