Encryption

[blunted]

At bare minimum id like a pm interface that will automatically encrypt my users pm's.

Security is extremely important to me, dual pass log ins or similiar ideas would be welcomed.

Willing to pay, not made of money but dont expect it done for free.

smf 2.02

permissions admin controlled

interested in speaking with someone who could make me a custom security mod.

[Arantor]

For what purpose, exactly?

Other than the intended recipients, the only person who could access PMs is if they had direct database access - and however it's encrypted, they could unencrypt it again.

Unless you've given someone admin permission that you shouldn't have been...

[Colin]

Arantor has a good point. Who ever is able to see others PMs now will be able to in the future regardless if they are encrypted. Remember they have to be decrypted for the intended recipient to read it.

[blunted]

there is an outdated plugin from vbulletin that did just this, a weak encryption in the data base should it ever be compromised yet both users or anyone for that matter were able to pm one another.

Not looking for military grade encryption or anything,

[Arantor]

It doesn't matter.

If your database is compromised, so too is the code and whatever method used to encrypt will be broken too.

[blunted]

i prefer taking any extra security methods possible, your attitude is akin to the engine is already knocking no point in topping off the oil.

there are numerous cases including simply me wanting to assure my members i can't read their pm's..

[Arantor]

i prefer taking any extra security methods possible, your attitude is akin to the engine is already knocking no point in topping off the oil.

*shrug* I tell the same to the people who pay me good money too. Yup, that's right, I'm sufficiently confident in this approach that I turn down people paying me money to indulge in a fallacy.

there are numerous cases including simply me wanting to assure my members i can't read their pm's..

There's three problems with that logic.

1. You're the site admin. If they don't trust you as it is, nothing you can do can fix that.
2. Whatever method is used, by definition it means you will still theoretically be able to read PMs, because it still has to be decrypted to be able to be read.
3. People do actually report PMs with inappropriate content, so by definition you must be able to read PMs anyway.

[Colin]

This might help -- though I have to agree with Arantor it isn't of much use: http://custom.simplemachines.org/mods/index.php?mod=2426

[Arantor]

That's not even encryption. But every single argument still applies.

[Colin]

That's not even encryption. But every single argument still applies.

Very true, but it seems like the OP is just looking for it to not be plain text in the DB and base_64 will accomplish that just as effectively as the strongest level of encryption would.

[blunted]

there really isn't any logic in your statements.

Sheesh people do trust me as im constantly looking for ways to protect them. Niche boards like mine have taken their users for thousands just recently, I am going from VB where I had such a program. Now maybe I had access to the data but surely I could not read it. That's like passing someone a note in farsi warning them of their death and saying i warned you.

Excuse me for trying to calm down a community that's been ravaged by bad admins, how dare I try to protect anyones sanity.

Now if all you want to do is piss and moan I do not believe I requested pissing and moaning now did I?

[blunted]

That's not even encryption. But every single argument still applies.

Very true, but it seems like the OP is just looking for it to not be plain text in the DB and base_64 will accomplish that just as effectively as the strongest level of encryption would.

Yes anything not plain text would be acceptable, anything stronger of course better.

http://www.vbulletin.org/forum/showthread.php?t=140064

Is what i used, w/o ever a problem.

like i said im not looking for military grade nor do i expect it

[Colin]

Yes anything not plain text would be acceptable, anything stronger of course better.

hxxp:www.vbulletin.org/forum/showthread.php?t=140064 [nonactive]

Is what i used, w/o ever a problem.

like i said im not looking for military grade nor do i expect it

Did you get a chance to try this? http://custom.simplemachines.org/mods/index.php?mod=2426

[blunted]

This might help -- though I have to agree with Arantor it isn't of much use: http://custom.simplemachines.org/mods/index.php?mod=2426

I thank you greatly, i still would like to discuss a security type suite with any programmers.

not exactly what i was looking for but definitely better than plan text,

thanks again

[Colin]

Couldn't we just use the other mod and modify it to use a different source of encryption? What encryption are you looking for?

[blunted]

tbh it doesnt even need to be encryption as yes i know if the data base is hacked and type of weak encryption is gonna be hammered as well.

of course id like the stronger the better but will gladly take just so i can't read, a system admin skimming that type of thing.

I tell people to use payments that secure themselves, etc but it seams it never fails some use green dots and similiar.

I simply want to make it as hard as possible to read,

I tried the other plugin. says it wont work with current version.

on a side note im loving sm coming from vb

thank you again for your time

[Colin]

The other modification will do just what you described. The value will not be plain text in the database; thus if an admin is glancing over it they won't be able to interpret it (unless they decode it of course).   How can I install a mod that doesn't work for my SMF version?

[live627]

It might install if you emulate SMF 2.0 RC2.

[blunted]

ty colin and live627

believe i got it working. i really appreciate the friendly/fast support.

[Colin]

Great. Glad we could help. Let us know if anything else comes up.