Re: Prevent user from accessing Archive.pax.gz?
Re: Prevent user from accessing Archive.pax.gz?
- Subject: Re: Prevent user from accessing Archive.pax.gz?
- From: Patrick Litterst <email@hidden>
- Date: Wed, 4 Jan 2006 12:57:49 -0500
Hi.
Thank you for you response. I am not familiar with md5 checksums and
encryption. Do you know of any resources where I can get more
information on how to do this?
Thanks.
On Dec 30, 2005, at 1:57 PM, Stéphane Sudre wrote:
On vendredi, décembre 30, 2005, at 07:19 PM, Patrick Litterst wrote:
I'm trying to create an updater that will install an application
only if a previous version of the application exists on the user's
machine. However, it seems that if a previous version does not
exist (and so the install fails as a result), the user can still
go into the contents of the .pkg and unarchive the Archive.pax.gz,
and get the application even if they do not have a previous
version of the application on their computer. Is there a way to
prevent this?
They could also used Pacifist to extract the package wherever they
want to.
The only solution AFAIK would be not to have the real application
in the archive and do something like:
1) In the preflight script, compute a md5 checksum of the previous
installed version.
2) Install an encrypted version of the application (encryption
would have been made using the md5 key)
3) In the postflight script, decrypt the encrypted binary using the
md5 checksum.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Installer-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden