View Full Version : Encrypt and password for PM
I'm in need of encryption for private messages. So that they are sent and read encrypted.
I'm also in need of a hack to password protect the PM's inbox for every user. Maybe in combination with the above mentioned encryption. Is anyone working on this or is there a hack that i haven't noticed ?
Regards.
filburt1
03-21-2003, 02:46 PM
PMs are never sent. They are just stored in the database with certain properties so it looks like somebody "sent" you a PM.
What's wrong with the current system of password protection? Any member needs to login to view their PMs.
What my users want is the possibility to have a password on the Inbox (a different password than their userpass). This is if someone would get hold of their userpass or use their computer and they're not logged out. In that way they won't be able to read the PM's.
buro9
09-30-2003, 06:58 AM
I have two requirements which are similar to this:
1) The login should never be persistent for personal information or options, even when the user has stated that their login is persistent.
Think of this as Amazon asking you to confirm your password to place an order, even though you were logged in and got your customised homepage and could add things to your wishlist.
If a forum user is logged in permanently, fine. But force the user to re-enter their password at certain points (changing e-mail address, viewing PM's) to prevent invasion of privacy or identity theft.
If a user is logged in on per-session authentication then this is not needed and the user has full access. It's an easy thing to check for, just store a value in the cookie and/or session table indicating the session type.
2) I would like PM's to be stored encrypted in the database and for there not to be an admin tool or means to read them (without some pain - i.e. coding something).
The simple reason for this is that my board is growing, and whilst I already have multiple mods and super mods... I am in need of multiple administrators to cope with things like my going on holiday. But these admins will be sourced from the forum users and I won't grant them 100% trust... I would like it that even though they may have access to MySql (SSH or PhpMyAdmin) that they are unable to read users private messages.
It's just too tempting for some, and I don't want to permit it so that the temptation is simply not there.
buro9
09-30-2003, 07:03 AM
I have two requirements which are similar to this:
1) The login should never be persistent for personal information or options, even when the user has stated that their login is persistent.
Think of this as Amazon asking you to confirm your password to place an order, even though you were logged in and got your customised homepage and could add things to your wishlist.
If a forum user is logged in permanently, fine. But force the user to re-enter their password at certain points (changing e-mail address, viewing PM's) to prevent invasion of privacy or identity theft.
If a user is logged in on per-session authentication then this is not needed and the user has full access. It's an easy thing to check for, just store a value in the cookie and/or session table indicating the session type.
2) I would like PM's to be stored encrypted in the database and for there not to be an admin tool or means to read them (without some pain - i.e. coding something).
The simple reason for this is that my board is growing, and whilst I already have multiple mods and super mods... I am in need of multiple administrators to cope with things like my going on holiday. But these admins will be sourced from the forum users and I won't grant them 100% trust... I would like it that even though they may have access to MySql (SSH or PhpMyAdmin) that they are unable to read users private messages.
It's just too tempting for some, and I don't want to permit it so that the temptation is simply not there.
Needless to say the encryption on PM's would have to use mcrypt to be reversible, and that the forum would need to be running on an installation of Apache that included the mcrypt library.
vBulletin® v3.8.12 by vBS, Copyright ©2000-2025, vBulletin Solutions Inc.