| User Encrypted Content [message #26315] |
Wed, 13 July 2005 16:43  |
defa
Messages: 14
Registered: July 2005
Karma: 0
|
Junior Member |
|
|
Hi!
Wouldn't it be a great feature to implement something like user AES encrypted content tables? I thought about using a database function like described here:
http://dev.mysql.com/doc/mysql/en/encryption-functions.html
to encrypt alle personal Data of Users and usergroups (like personal messages Forum Content etc.) - especially Personal Message encrypting would be easy to implement.
One could easily use the password hash of the user as an password for the AES function. It would enable true privacy an even administrator couldn't easily read the private data of users.
And - maybe an even bigger advantage - people accessing the Database not authorized (like by SQL Injections etc.) wouldn't have the chance to read out password hashes or personal data.
What do you think about that? I think that would be a hot feature and IMHO fudForum would be the first to have it.
bye
defa
|
|
|
|
| Re: User Encrypted Content [message #26316 is a reply to message #26315] |
Wed, 13 July 2005 17:02  |
Ilia
Messages: 13241
Registered: January 2002
Karma: 0
|
Senior Member
Administrator
Core Developer |
|
|
It would make the forum too slow, it is database specific and version specific in addition to that. Plus given access to the DB the attacker could use the same password has to steal the data.
FUDforum Core Developer
|
|
|
|
| Re: User Encrypted Content [message #26317 is a reply to message #26316] |
Wed, 13 July 2005 17:15 |
defa
Messages: 14
Registered: July 2005
Karma: 0
|
Junior Member |
|
|
I think the problem of speed could be solved by more power - or using PadLock an Hardware Accellerator for AES.
If you'd store the users Password hash AES encrypted und use the md5(user-input) as password to decrypt the password hash it would be diffcult for the attacker to steal the hash because it isn't stored in clear anywhere.
The point is - that in my eyes - it is a truly good feature. I am hosting a fudForum with about 400 users myself providing certain privacy. I would invest in AES Accellerating Hardware to make the Forum work good - if there would be forum the would support it.
But I understand if you don't want to implement such a feature as maybe there aren't enough people who actually need it. Probably I'll give it a try an patch a fudForum myself to see wether the idea works.
bye
defa
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]