RPeters wrote:
> james.d.h.turner@xxxxxxxxxxxx wrote:
>
>> It is the final executable that must be signed (not the zip file). I can
>> provide code to validate the signature - it's neither huge nor complex.
>>
>> In theory, it should be possible to sign zip files by placing the signature
>> directly before the central directory, however, I have never seen this
>> suggested and it is not an accepted standard.
>>
>> -- James Turner
>>
>> ---- RPeters <rpeters@xxxxxxxxxxxxx> wrote:
>>
>>> james.d.h.turner@xxxxxxxxxxxx wrote:
>>>
>>>> Alternative security possibilities that could be considered
>>>>
>>>> 1) Allow autorun when extracting to temp directory
>>>> 2) Allow autorun when digitally signed
>>>>
>>>> -- James Turner
>>>>
>>>> -----------
>>>> To unsubscribe from this list, send an empty e-mail
>>>> message to:
>>>> delphizip-request@xxxxxxxxxxxxx
>>>> and put the word unsubscribe in the subject.
>>>
>>> Thanks - the first looks like a reasonable (easy/small to implement)
>>> compromise.
>>> In theory Vista+ should take care of the second but the problem will be
>>> how to sign it - the zip format is not very friendly to signing or would
>>> signing the stub/loader work.
>>> Russell Peters
>
> Please do send the code - the next version of the stub is not finished
> yet (thought it was but there is still a problem with detached SFX).
> I have an idea that forcing this action probably won't suit some people
> but it might help stop it being regarded as a potential virus carrier.
>
> Most zip extractors expect (demand) that the central directory
> immediately follow the local entries and the EOC immediately follows the
> central which the 'standards' doesn't stipulate - this is a real
> stumbling block (oh for an embedded data field that most things would
> ignore).
> Russell Peters

Perhaps it would help if I gave the address to send it to -
rpeters AT delphizip DOT org

I am presently doing some work on the SFX stub for the next version - it
is one of the last known code areas requiring work before testing can
start in earnest.
Russell Peters