Privacy for PM

[lednik]

I was finding way to reduce size of database and than discovered that PM can easily be seen.

Now I have possibility that I didn't wanted. I am using SMF 1.1.6.

Will it be changed in future versions so can't read it?
Is there is a way I can prove it that I don't read them?

[aldo]

Just don't read them. You have access to the database of your forum, which means you have access to the PMs of your forum from all users. SMF cannot stop you from reading them from like phpMyAdmin or something (because SMF cannot do that, it just can't), SMF merely provides the interface to only allow the person who sent and the person who received the PM to access them.

[Antechinus]

Exactly. If you don't think they should be read by people they weren't addressed to then do_not_read_them.

I've had to do substantial database editing and I simply give the pm tables a miss. It's easy to do.

ETA: And please update your forum to 1.1.7. There is an exploit in 1.1.6 that has been patched.

[karlbenson]

Even if they were encrypted, the encryption would have to be stored to be reversable.

[hillrunr]

Even if they were encrypted, the encryption would have to be stored to be reversable.

This is the key. Encryption will only prevent "accidental" viewing of PMs. If you don't want to read PMs, then you'll make sure you don't. If you do (IMO, not a good thing to do as it seems like a violation of the privacy your users are expecting) you will whether the PMs are stored encrypted or not.

[lednik]

OK. Thanks for answers. I wasn't talking only about me. There are other administrators on the forum.
Encryption would be OK from mine point of view.

What about email notification for receiving PM? I have notice that there is a problem when email is not delivered.
Are PM's safe when email is delivered regulary?

[Antechinus]

That would depend on how secure the member's email account was.