Simple Machines Community Forum

Archived Boards and Threads... => Archived Boards => SMF Feedback and Discussion => Topic started by: Atlay on May 30, 2006, 01:21:09 PM

Title: Is the database secured (encrypted)? Or is there a mod?
Post by: Atlay on May 30, 2006, 01:21:09 PM
Hiya all,

I've just been asked by a community member about security regarding PMs.  At the moment I have a test forum up, and so far we like everything we see, but she is asking if it would be possible for an admin (read: me) to gain access to people's Private Messaging.

As far as I can see, the only way I could do this (without their passwords) would be to gain access to the raw MySQL tables that store PMs, and extract the text.  Hence my question: Is there any way to have actual message data encrypted in such a way that even someone with DBA access could not read them?


Thanks,

Atlay
Title: Re: Is the database secured (encrypted)? Or is there a mod?
Post by: Harzem on May 30, 2006, 01:23:54 PM
Even if we had it, the one who will install the mod would again be the admin. So how can a user trust an admin whether he installed it or not?
Title: Re: Is the database secured (encrypted)? Or is there a mod?
Post by: kegobeer on May 30, 2006, 01:33:14 PM
That would be pretty silly, IMO.  If you can't trust the administrator of the site, you need to fire the administrator.

This isn't just a matter of hashing the data, because hashing is a one-way method, and once the data is hashed, it will always be hashed.  There's no decoding the hash.  Encryption would require a key be stored somewhere on the server.  That key would be used to encrypt and decrypt the text.  If an admin has MySQL access, that admin would also have access to the server and therefore have access to the key.

If this member wants messages to be encrypted, that member should encrypt the message using a key like pgp, then copy the encrypted text into the PM.  The recipient should have a matching key and can copy/paste into the pgp and decrypt the message.
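
The three cases from the reply above, side by side, as an added example that is not part of the original thread and is not SMF code. It assumes PHP 7.2+ with the sodium extension and uses libsodium sealed boxes as a stand-in for PGP; the message text, variable names and the `admin_reads_row` helper are constructed for illustration.

```php
<?php
// Added illustration only. The PM text below is constructed sample data.
$pm = 'Meet at the usual place at 8.';

// 1) Hashing is one-way: the stored digest can be compared against a guess,
//    but the forum could never display the message to its recipient again.
$digest = hash('sha256', $pm);

// 2) Server-side encryption: the forum must decrypt the PM to show it, so the
//    key lives on the server ($serverKey stands in for a settings file).
$serverKey = sodium_crypto_secretbox_keygen();
$nonce     = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
$dbRow     = $nonce . sodium_crypto_secretbox($pm, $nonce, $serverKey);

// Hypothetical helper: what someone with database AND file access can do.
function admin_reads_row(string $row, string $keyFromServer)
{
    $nonce  = substr($row, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = substr($row, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return sodium_crypto_secretbox_open($cipher, $nonce, $keyFromServer);
}

// 3) End-to-end: the key pair is created on the recipient's own machine and
//    only the public half is shared. The sender encrypts locally and pastes
//    the armored text into the PM form, so the forum stores ciphertext only.
$recipientKeypair = sodium_crypto_box_keypair();          // never uploaded
$recipientPublic  = sodium_crypto_box_publickey($recipientKeypair);
$pasted = base64_encode(sodium_crypto_box_seal($pm, $recipientPublic));

// The admin sees $pasted and the public key, but holds no matching secret key.
// Any key pair the admin generates fails authentication and yields false.
$adminAttempt  = sodium_crypto_box_seal_open(base64_decode($pasted),
                                             sodium_crypto_box_keypair());
$recipientView = sodium_crypto_box_seal_open(base64_decode($pasted),
                                             $recipientKeypair);

printf("hash stored:            %s\n", $digest);
printf("admin + server key:     %s\n", var_export(admin_reads_row($dbRow, $serverKey), true));
printf("admin vs. sealed PM:    %s\n", var_export($adminAttempt, true));
printf("recipient, own keypair: %s\n", var_export($recipientView, true));
```

Case 3 only holds when the encryption runs on the users' own machines; if the forum's code performed it, whoever controls that code could capture the plaintext first.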
Title: Re: Is the database secured (encrypted)? Or is there a mod?
Post by: Atlay on May 30, 2006, 01:34:35 PM
Oh, I agree.  And there are also easy things I could do as an admin, such as modding the logon script to log passwords, etc.  I'm just passing on a question from a potential user, when I was not 100% sure of the answer myself. :)

Thanks for the prompt responses.


Atlay