Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Fix: data_portability_export email download #5342
In the event of someone getting access to the public file, they would still need the password, isn't it @aitorlb
Thank you both for the feedback.
We don't. But without extracting the data of the password-protected files, the files themselves inside the zip can be broken; it seemed right to protect the whole content as a unit which prevents messing with the individual files.
Also, this approach made it really easy to add encryption since I did not have to modify the existing code, just wrap the returned zip in another zip.
I would prefer that too, but the gem currently used for zipping files has rather weak encryption capabilites, and 7-Zip supports encryption with AES-256 algorithm, which is better, as far as I understand.
As I hinted above, the file could be opened and its insides browsed but the contained files could not be opened/extracted without password.
As far as not using encryption, I though the whole point of it was protecting the user data from people with access to the server where the data would be stored.