tags:

views:

48

answers:

4
Q: 

Password protect a CSV file

Hi, I am using a csv file to authenticate user login. Is it possible to password protect the CSV file? I do not want anybody to be able to download the csv file through url. I googled and I found out that it is not possible to password protect a csv file. Is there any other way I can password protect the file?

+1  A: 

Compress it in a ZIP file using encryption. You'll have to decompress/unencrypt it each time you want to read from it, however.

See Powerarchiver, winrar, or other compression utilities for more information.

JYelton  2010-09-17 20:45:28
could you please show me how will I encrypt/unencrypt using code in php?
developer  2010-09-17 20:48:19
Instead of zipping it I’d just encrypt it. Checking the php doc the mcrypt_encrypt function would be one. http://de2.php.net/manual/en/function.mcrypt-encrypt.php (which probably requires mcrypt as a dependency)
Kissaki  2010-09-17 20:53:12
just make sure you can't download it. that makes much more sense than encrypting it and leave it in public place
Thomas Weber  2010-09-17 20:55:59
@developer: Kissaki is right, simply encrypting it will be likely better. Moreover, according to http://php.net/manual/en/book.zip.php, there doesn't seem to be an encrypt/decrypt built into the PHP zip library.
JYelton  2010-09-17 22:32:30
+8  A: 

the short answer is no: CSV is a plain text format, it's not Excel.

the long answer is: you should never put security relevant information into a folder which is accessible via the webserver. move the file into a folder you can access from PHP but which is outside of your document root in Apache

Thomas Weber  2010-09-17 20:46:26
And hash the passwords!
Guttsy  2010-09-17 20:51:18
definitely do so, and make sure you use salted hashes
Thomas Weber  2010-09-17 20:56:35
A: 

If you're worried about someone downloading the file, put it someplace that isn't downloadable. Your webserver will only return files from a specific set of directories. If your CSV file is not in one of them, nobody will be able to download it.

Jeff Dege  2010-09-17 20:48:05
+1  A: 

If using Apache, use a .htaccess file to deny access to that file. Better still, store the file somewhere above the webroot. For example, if your webserver is located at /home/username/htdocs/, you could store the file at /home/username/data/logins.csv.

michaelc  2010-09-17 20:49:10

related questions

C# Exception Handling continue on error
Exporting tab-delimited files in SSRS 2005
How can I join a list into a string (caveat)?
When reading a CSV file using a DataReader and the OLEDB Jet data provider, how can I control column data types?
Looking for tool to generate random CSV data
csv api for java
in rails, how to return records as a csv file
Import *variable record length* CSV file using SSIS
asp.net Convert CSV string to string[]
What's the best way to extract table content from a group of HTML files?
How do I save each sheet in an Excel workbook to separate CSV files with a macro?
Program for working with large CSV Files
How do I best generate a CSV (comma-delimited text file) for download with ASP.NET?
SSIS: Adding a constant column value when doing a CSV to SQL conversion
Java code to import CSV into Access
Parsing XML using unix terminal
CSV (or sheet in XLS) to SQL create (and insert) statements with .Net?
Generate Insert SQL statements from a csv file
Split a string ignoring quoted sections
FileHelpers performance
CSV string handling
What is a good web-based Grid that accepts Excel clipboard data?
CSV File Imports in .Net
How to export data from SQL Server 2005 to MySQL
Converting CSV File to XML in Java