SSL Secure your Private Messages


CJi
06-14-2002, 10:00 PM
A simple hack to encrypt your PMs using SSL when users are browsing them. Includes the ability to disable for individual users at their request.

This works on my forum, your mileage may vary. Tested only on 2.2.5. Support is minimal, but I'll do my best here when I get time. :)

VirtueTech
06-16-2002, 02:30 AM
Does this mean messages are sent using SSL as well?

Great idea. If so, I think this would be very useful to members.

CJi
06-16-2002, 12:46 PM
Yes, messages are sent using SSL (as well as read).

Caliber
06-16-2002, 01:59 PM
Out of curiosity, what are you trying to accomplish by securing them? Prevent them from being read in transit, or protect your users' privacy? I can see how securing them would prevent their being read in transit, but not protect users' privacy. If they are encrypted on your server and no one can read them, then this would be a great feature, but if the board owners can decrypt them, I do not see how privacy is protected as the messages would not be impervious to a subpoena.

Demascus
06-17-2002, 08:14 PM
Thanks, this is a great hack.

CJi
06-22-2002, 04:45 PM
Caliber: We have a dedicated server, so there is no real need to encrypt them on the server. OK, so we're not impervious to hackers, but there can be no casual snooping. Ultimately it was a publicity stunt: users like encryption. There are instances when it can be useful (e.g. in a corporate LAN environment, it'd stop admins casually snooping traffic) and with continuing draconian 'legal snooping' laws in the UK and Europe, it prevents governments and ISPs casually logging (meaningful) data.

CJi
06-22-2002, 04:49 PM
I've also updated this hack on our server. When a user clicks register, they get provided with the terms and conditions of registration. This is now provided unencrypted, with a notice displayed saying that once they click Agree, their connection will be encrypted. If they would not like that to happen (for personal preference or a technical reason) they can click a link to disable it. This link sets a cookie and redirects back to the registration page where they are now told their data will NOT be encrypted when they click Agree. I'll edit the hackfile (once I've figured out what I did in a meaningful way) and re-upload.
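
A sketch of the routing decision the posts above describe (move the PM script onto HTTPS unless the user has opted out, and choose the target of the registration "Agree" button from the opt-out cookie), added here as an example and not taken from the hack file. The host, the script name `private.php`, the cookie `nossl` and the profile field `disable_ssl` are assumptions.

```php
<?php
// Added illustration, not the hack discussed in this thread. Script names,
// the cookie name, the profile field and the host are assumptions.
const FORUM_HOST     = 'forum.example';   // configured host; never taken from the Host header
const PM_SCRIPT      = 'private.php';     // assumed name of the PM script
const OPT_OUT_COOKIE = 'nossl';           // hypothetical cookie set by the opt-out link

function is_https(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

function opted_out(array $cookies, array $user): bool
{
    // Either the stored per-user preference or the cookie from the registration page.
    return !empty($user['disable_ssl']) || ($cookies[OPT_OUT_COOKIE] ?? '') === '1';
}

// Returns the https:// URL to redirect to, or null to serve the request as it came in.
function pm_redirect_target(array $server, array $cookies, array $user): ?string
{
    $uri    = $server['REQUEST_URI'] ?? '/';
    $script = basename((string) parse_url($uri, PHP_URL_PATH));
    if ($script !== PM_SCRIPT || is_https($server) || opted_out($cookies, $user)) {
        return null;
    }
    return 'https://' . FORUM_HOST . '/' . ltrim($uri, '/');
}

// Where the "Agree" button on the (unencrypted) terms page should submit to.
function register_agree_action(array $cookies): string
{
    $scheme = opted_out($cookies, []) ? 'http' : 'https';
    return $scheme . '://' . FORUM_HOST . '/register.php';
}

// Constructed sample requests: [server vars, cookies, user row].
$requests = [
    [['REQUEST_URI' => '/private.php?action=show'], [], []],
    [['REQUEST_URI' => '/private.php', 'HTTPS' => 'on'], [], []],
    [['REQUEST_URI' => '/private.php'], ['nossl' => '1'], []],
    [['REQUEST_URI' => '/private.php'], [], ['disable_ssl' => 1]],
    [['REQUEST_URI' => '/index.php'], [], []],
];
foreach ($requests as [$server, $cookies, $user]) {
    echo $server['REQUEST_URI'], ' -> ', pm_redirect_target($server, $cookies, $user) ?? '(no redirect)', "\n";
}
echo register_agree_action([]), "\n", register_agree_action(['nossl' => '1']), "\n";
```

The opt-out cookie and the first request both travel over plain HTTP, so this arrangement covers passive logging only; the cookie is a preference, not a security control.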