Encode Private Messages

[live627]

Link to Mod

Encode Private Messages 1.0  by live627


This mod encodes new private messages with Base 64. Although the method employed is very insecure, someone who looks through the database will find that new PMs are scrambled. A new database column determines whether the code should kick in or not. All PMs made before you install this mod are untouched.

Compatible with SMF 2.0 RC2

Please note: The PM's are not encrypted, they are encoded, and anyone that obtains database access can still decode them.

[Joker™]

can u explain a bit more that what exactly does this mod do ?

[Arantor]

The mod protects messages in the database in so far that someone with database access can't just browse the database to read messages.

Better question: why?

If someone has database access, they can trivially read the messages. Better would be to ensure you don't give out DB access (as an admin) to those who can't be trusted with it.

[Kriostasys]

Hello
is that a year ago since the publication of this post
but doing little probe this mod and I liked
only, that quote in the private messages the quoted text appears encoded
It would be possible that the subpoenas in private messages appear without encoding?
Thank you for your attention and sorry for reopening an old issue

[Kriostasys]

What a pity
I had done illusions

[Oceander]

Will this work on 2.0.11?  Any little reassurance to members would help even if only a band aid. 

[dougiefresh]

Will this work on 2.0.11?  Any little reassurance to members would help even if only a band aid. 

It looks like it will install on 2.0.11 using "SMF 2.0 RC2" emulation.

only, that quote in the private messages the quoted text appears encoded
It would be possible that the subpoenas in private messages appear without encoding?

Bug report confirmed. 

In order to fix this, you must edit the Sources/PersonalMessage.php file.  Find this:

Code (Find) Select Expand


// Censor the message.

and add this before it:

Code (Add Before) Select Expand


// Can't read it if it's not human-readable! :D
if (!empty($row_quoted['encoded'])) $row_quoted['body'] = base64_decode($row_quoted['body']);


Also, you need to find the first occurence of this:

Code (Find 1st time) Select Expand

IFNULL(mem.real_name, pm.from_name) AS real_name
and add this immediately afterwards (on the same line):

Code Select Expand

, encoded

There is also another occurrance that must be replaced.  Find this further down from the first time:

Code (Find 2nd time) Select Expand


censorText($row_quoted['body']);

and add this before it:

Code (Add Before) Select Expand


// Can't read it if it's not human-readable! :D
if (!empty($row_quoted['encoded'])) $row_quoted['body'] = base64_decode($row_quoted['body']);


Also, you need to find the seond occurence of this:

Code (Find 2nd time) Select Expand

IFNULL(mem.real_name, pm.from_name) AS real_name
and add this immediately afterwards (on the same line):

Code Select Expand

, encoded

These changes will decode the messages so that they are human-readable.

[dougiefresh]

Any little reassurance to members would help even if only a band aid.

As for "reassurance", I would suggest you read this thread entitled "Encryption"....  Thought I'd point this one out....