News:

Want to get involved in developing SMF? Why not lend a hand on our GitHub!

Main Menu

Encryption

Started by blunted, October 23, 2012, 09:13:05 PM

Previous topic - Next topic
Print
Go Down Pages 1 2 3 All
User actions

Colin

#40
October 24, 2012, 10:41:53 PM
I think there is a fundamental, conceptual issue that is fueling the disagreement.

The level of encryption is irrelevant to the level of security it will provide in this scenario simply because it has to be decryptable. No matter how complex the encryption is, the method to decrypt it into plain text would still be just as readily available to the person who has the necessary access.

Don't get me wrong, I understand that you want to hide the PM contents from people going through the database, but fussing with different encryption types won't provide any different result.  With that said, if you still wish to not use base_64, then I would suggest having a modification made to the already existing PM mod.
"If everybody is thinking alike, then somebody is not thinking." - Gen. George S. Patton Jr.

Colin

kat

#41
October 25, 2012, 07:11:41 AM
Quote from: grimeg on October 23, 2012, 11:38:47 PMincluding simply me wanting to assure my members i can't read their pm's.

If I was a member of your forum and you told me that you couldn't read my PMs, if you wanted to, I'd leave, straight away, coz I'd know you were lying.

What I did, was this:

http://www.tlakoc.org.uk/index.php?topic=10.msg71#msg71

blunted

#42
October 26, 2012, 01:41:44 PM
i have always made my members very aware of how viewable their data is to an admin. i dont see why wishing to give them some extra comfort is such a bad thing :/

i have even demonstrated how easily it is to take over their account, etc.

kat

#43
October 27, 2012, 09:20:02 AM
Quote from: grimeg on October 26, 2012, 01:41:44 PMi dont see why wishing to give them some extra comfort is such a bad thing :/

It's not a bad thing. But, if anybody wants to share something secret, there are ways to do that.

Using the PM facility on a forum ain't one of 'em. Anyone who believes otherwise is, quite simply, off their trolley.

Also, look at it from a legal perspective. Site admins are responsible for the content on their site (Even PM stuff). So, logically, they should have access to EVERYTHING on it. Going to extremes, what if members of Al Qaeda were using your forum to pass messages? If the Feds found out about it, YOU would be the one whose door they came a'knockin' on.

In that respect, a notice, such as the one that I put, on my forum, should, perhaps, be reworded to say that they WILL be read, if suspicions were raised. Not, to make them totally unreadable (Which is impossible, anyway).
Print
Go Up Pages 1 2 3 All
User actions
Advertisement: