Yay Atli! Thanks for your input!
“1) That would depend on the class / extension you are using to un-zip your files. I would assume you would have a choice.”
Honestly. I did not see that one coming. I have been yearning to bring into play the new flashy PHP 5.2 ZIP support with all its super shiny glory for a while now, alas I have not come any closer upgrading to 5.2 yet.
Anyhow, it was the fallow up question that was of main interest:
“2.1) Nothing is hidden from the root user of your OS. So if the files will be un-zipped onto the hard-drive the root user could read it. But you would be able to un-zip them into a folder outside the web-root, so it could not be directly downloaded by HTTP clients.
2.2) If you can see a file, you can copy it (one way or another). And as with point 2.1, the root user can pretty much do everything. …”
However…
“This would be the ideal performance arrangement, but would leave the files unprotected from the root users, and any other user that has access to it.”
So basically it comes down to my two last questions? Performance VS security. If I have understood you correctly I should be able to do what ever I was trying to do, albeit it could come at a cost of losing performance.
“You should also be aware that PHP is ofter run by a 'nobody' user, so every file PHP creates should be protected from other users of the system.”
Sneaky. A user… With no name, you say. Thanks, I’ll keep a look out for that shifty thing.
I have a lot to learn in this area. I have been scratching the surface on compressing, caching and stuff. I want to apply these techniques to improve performance. I was hopping that I could use them to perfect security too. It seems that the easiest way would be to set up my own server ;)
Thanks your “PHP variable”-input (but you are not allowed to have dots in the var name!)