Most people at work can't download executables with some IT security software.
Is there a site that you know that will enclose an executable from a link to a zip file to download.
If one doesn't exist, I'll make a site tonight and host it (down the road, I'm getting new servers and moving locations)
My Plan:
1. Provide the link to the exe on the internet
2. Download the file to a very limited folder or partition with read-only access to the file.
3. With php, enclose the file using one or more zip software (tar, gzip, biz)
4. Provide the link to the user to download.
5. Accept donations :)
Any thoughts on security or viability, etc?
I think it's a niche market and it will catch on quick.
Thanks,
Dan
That's a good idea. I guess there should be no executing the program once downloaded on your server, so there should be no risk. Just trying to think, "how could I destroy your site" and work backwards from there. Once it's downloaded on your server you should restrict access to that folder so no one can run it by simply going to its address.
Another idea would be to catalogue downloaded and zipped programs so when a user gives a URL which has already been done, it can simply use the file already made, rather than downloading another one?
Do you plan on having a size limit? People could probably abuse it by using it to download movies and big programs to save them from doing all the downloading and kill your server?
Also, if your site is flagged as a potential virus or malware source, you could have that blocked as well by most work filters defeating the whole point?
26 3079
That's a good idea. I guess there should be no executing the program once downloaded on your server, so there should be no risk. Just trying to think, "how could I destroy your site" and work backwards from there. Once it's downloaded on your server you should restrict access to that folder so no one can run it by simply going to its address.
Another idea would be to catalogue downloaded and zipped programs so when a user gives a URL which has already been done, it can simply use the file already made, rather than downloading another one?
Do you plan on having a size limit? People could probably abuse it by using it to download movies and big programs to save them from doing all the downloading and kill your server?
Also, if your site is flagged as a potential virus or malware source, you could have that blocked as well by most work filters defeating the whole point?
Interesting idea, indeed.
To overcome the possibly of the server's IP being blacklisted, you might look into having the system being distributed (and distributable). That is, allow users to host the application from their own servers, be it at home, etc. Of course, this compromises the source code and your ownership of it. You could overcome this by, say, developing the application as compiled C for cgi execution, or even develop an extension for PHP, again in compiled C.
Nevertheless, it is an interesting idea, and, as far as I have seen, a unique one.
The only problems I can see: possible issues with hosting executables that have copyright laws on them disallowing the distribution of them; many simultaneous downloads of large files - that'll be quite costly; the security of the executables on the server.
As The Servant suggested, you could provide a catalogue of popular downloads and search functionality within the application.
Another possible area for this application could be a proxy. For a user to provide the link to the file he/she wants compressing, the user needs to know the address of it. What if the user finds that, when he/she accesses a site to look for this address, the site is blocked. Then he/she cannot get the address. You may incorporate a proxy to allow for this situation.
Mark.
P.S. Sounds like a cool project :)
Great feedback guys, as always.
My responses:
1. Security: yes I think it would be in a non www accessible folder on a partition with no execution permitted.
2. Catalog: I thought about it, then again it might not be a good idea for a few reasons that out-weigh the good:
a. Some applications don't include the version number in the file name so when a new version comes along, it's the same link but different file.
b. Limited disk space at the moment.
c. I would have to do clean up.
d. Markus also mentioned copyright laws that prohibit distribution.
3. Abuse/Size: I have Limited disk space and limited bandwidth, I would have to definitely put a cap on size. Maybe 500MB? I don't see a lot of exec movies. Most programs aim to have a very small exec anyway. This is good for the essential tools you need at work: Firefox, RegexBuddy, TextPad, NetBeans, GoogleDesktop, etc.
4. Proxy: This idea came about from going around a corporate IT firewall that allows zip downloads but not anything that ends in exe. (I could not download Firefox...I Know! Horrific right?). This same security program also blocks proxies. Even google/translate of web pages is blocked for me. So I think this would kill the original purpose of it if my site ends up categorized and black listed as a proxy.
Also, if a site is blocked, it's blocked. One can find a proxy, if it's allowed by the user's company (highly doubt it).
Like most everything else I do, it will be open source. So I'm not worried about distributing the source code. One can install this on their own home server.
I'll try to have a one-pager up this weekend.
Thanks guys!
Dan
Looking forward to it :)
Maybe a publicly accessible repo?
sure, sourceforge?
In the mean time, think of a good name for it besides my unimaginative exe2zip.
Cheerio!
Dan
@dlite922
I prefer googlecode to sourceforge. The new design for sourceforge is blinding (and not in the good way)!
I'll have a think of some names :)
Dan, can I recommend having a smaller than 500MB limit to start off with if you're worried about bandwidth etc? I mean honestly, if it's for exe's that you're downloading, it's not likely to be more than 100MB, and if it is, and your work is still blocking it, it probably should be done more formally by the IT dept. as it's not just a quick file? As I'm sure you're well aware, you could have a 50-100MB limit for starters, see if people get up there, and if you had forums or suggestions you could increase it or make that a premium service.
Also for the name, I'm an engineer, so everything must be functional for me, but try and have the function in the name somehow. exe2zip is boring, but I would google exe to zip converter, which would bring up exe2zip before "Xe Zipper" <--Actually I like this name (pronounced "zee zipper"), and it's my non-functional suggestion ;)
@Markus, I'll test out googlecode then. I haven't used it before.
@Servant, Functional is good but functional and catchy is awesome.
This app is probably going to be for me and my engineer colleagues at work (and of course you guys can use it to if you need it) so I don't think i'll publish it...yet.
Those limited server and bandwidth...well I don't even have that just yet. (I bought a house and haven't moved in yet, so my server is sitting my basement right now) So i'll probably limit it to like 50MB or something, whatever works for me at this time. But this will be a config option and if the source code is taken to a real host, it can be easily changed.
I started and I'm about 30% done.
Dan
PS: Googled "exe to zip": lots of results for the opposite of this: zip->exec but nothing the other way. the name could get lost but I have no choice. Unless any other awesome names come up, exe2zip it is.
@dlite922
what about “Echse”? (german for lizard, pronounced [ɛksə], like exe)
lizard...hmmm I'm trying to think of a design.
The current one I have at the moment is something simple:, here's a screen shot of what I'm wasting my time with.
a zipper idea zipping up the page.
Simple to use: paste the link, click the button. One could add functionality by "clicking the zipper" changes the "zipper", ie to tar, bzip, gzip etc.
very web 2.0-ish right?
@dlite922
let me cite Natalie Cole: very – close – second…
I know it freakin' sucks.
It's 2:00 AM here, gi'me a break.
My design sense never took off, but you got to admin the zipping up the page of binaries is a genius idea.
Forget the shiny floor, horizon or mismatching fonts, those can be deleted.
@dlite922
it’s 9 o’clock and I’ve not had my daily dose of puns yet.
got to admit*
I can't even spell right :) and you're worried about puns.
You guys have a great day, I'm goin' to bed!
@dlite922
I like it :)
Maybe clicking on 'ZIP' would bring up the other options to the right of it.
Hold on, I'll whip up an edit of it.
Actually, I won't bother - not in a design frame of mind. :( But I'm sure you get the idea. The user clicks on 'ZIP' and then (possibly) some nice javascript scrolls the other options down from the top, 'TGZ', 'RAR', etc. When the user selects one, the option is changed behind the scenes.
@dlite922
Looks good. Never worked with it - bookmarked it now though :D
Yeah, get the library done and then worry about the pleasantries!
I struggle with designs too. Simpler the better, as long as you have some contact way! I hate having to copy email addresses and it's much easier (I find) to message from their site.
Once you have an Alpha up, we can have a go and test it for you and then go with suggestions. Until then, just focus on the alpha code (don't worry about the looks) and then after you get the code nice and efficient with all the functionality you want, you can design it around the functions.
UPDATE:
@Servant: Ya...I'm not a designer but I seem to be comfortable working backwards. I always design my gui and see what function it needs, then code those functions.
Hope this link works: http://exe2zip.designsbydan.com/
I don't want my email out there as text. I can have a contact page but for what? doesn't work? too bad :)... at least for now.
contact page => captcha => read people's emails != I have no time now.
But like I said, let's get it up and get your suggestions in, we'll figure those out later.
Dan
How about simple email obscurification with javascirpt? Or html encrypting them? But yes, I hear you about the not caring if it doesn't work. Atleast have a thread on a forum (maybe Bytes) just so that you can keep suggestions coming in. I reckon it'll be good, and could take off ;)
Hey guys, work came up this weekend but I'm at the end of the function. It successfully downloads the file and zips it to a non web directory.
Can anyone write what the headers would be for a zip file. If so I'll copy and paste it, output the file and see if it works tonight.
This is what I've got so far -
-
header('Content-Type: application/octet-stream');
-
header('Content-Disposition: attachment; filename="your_exe.zip"');
-
header('Content-Transfer-Encoding: binary');
-
readfile('example.zip');
-
-
good enough?
Dan
Maybe a content-length header ( filesize())? Otherwise, looks good.
Oh yes. forgot that one. Thanks.
Dan
It's been a busy week for me, but it really has like less than 15 minutes of work left. I'm going to quit being lazy and finish it up quick. Plus any time needed to get GoogleCode setup and upload it there. (~30 minutes)
Will post back later with a link to it. It's night time where you are, so it will be when you wake up.
Dan
UPDATE:
hey guys. I sort of finished it. I mean it's at a point where it needs debugging and improvements. http://code.google.com/p/exe2zip/
Things it needs
1. better validation to allow specific files (.exe, .jpeg, .jpg) because I can't even look at URLs to images
2. Find out why when I download it only gives me part of the zip file (ie corrupt zip file)
3. Make other compress types work (tar, bzip)
4. Make error message display nicely (edit css/html) somewhere on the page.
etc. I'm sure you guys can think of many more.
Try it here: http://exe2zip.designsbydan.com/
^
Don't expect that to be up 24/7
I'll be glad to upload any new versions or modifications of this.
Dan
Sign in to post your reply or Sign up for a free account.
Similar topics
by: igthibau |
last post by:
Hello everyone,
well, the title says pretty much all.
First off though I'd like to say I have no idea what ng I should post
this to. I chose this one because I am more likely to understand...
|
by: Mr. x |
last post by:
Hello,
I need a script for counting the no. of enters on my site, please.
I need a check that for the same user in the same day - if the user enter
several times, it is count once
(or something...
|
by: richard_quick_uk |
last post by:
Hi,
If anyone's got the time I'd really appreciate any feedback on the
accessibility of this site:
http://www.cata.co.uk/_index.asp
|
by: John Morgan |
last post by:
Though I have designed and implemented a number of large reasonably
well received web sites I do not consider myself a graphics designer
I am now for the first time going to work with a ...
|
by: David |
last post by:
HI, I know this might be very basic, but I have a asp.net site that I need
to recompile. I do have asp,net, although I have no idea how to use it. I
did see some info that I can use vbc.exe to...
|
by: Jeremy S. |
last post by:
Sorry if this is too far OT - I posted this in the IIS group and got no
response - so here goes:
What would be a good or recommended way to make a Web site in IIS6
inaccessible to users on the...
|
by: Murray R. Van Luyn |
last post by:
Hi,
Since I have made changes to my website it's been a complete flop. According
to the logs, as soon as visitors have downloaded the index page they are
off. I can't figure out why?
...
|
by: -Lost |
last post by:
I cannot for the life of me remember the site name, but I believe it was the site of one
of the regular posters here or perhaps in comp.lang.java.javascript. Anyway...
The site in particular...
|
by: Corey Walker |
last post by:
Hello:
I developed a nice looking web page which provided people with a brief
overview of our society's publications (our different newsletters).
However, while I'm by no means an expert or...
|
by: Paul W Smith |
last post by:
I currently have a web site at www.middlesexccl.com
I am also developing a new version of the web site using ASP.NET. I would
like to give certain people access to this for evaluation purposes,...
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM).
In this month's session, the creator of the excellent VBE...
|
by: DolphinDB |
last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation.
Take...
|
by: DolphinDB |
last post by:
Tired of spending countless mintues downsampling your data? Look no further!
In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
|
by: ryjfgjl |
last post by:
ExcelToDatabase: batch import excel into database automatically...
|
by: marcoviolo |
last post by:
Dear all,
I would like to implement on my worksheet an vlookup dynamic , that consider a change of pivot excel via win32com, from an external excel (without open it) and save the new file into a...
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM).
In this month's session, we are pleased to welcome back...
|
by: jfyes |
last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
|
by: ArrayDB |
last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
|
by: PapaRatzi |
last post by:
Hello,
I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
| |