Go Back   vb.org Archive > Community Discussions > Modification Requests/Questions (Unpaid)
  #1  
Old 03-21-2003, 02:41 PM
grov grov is offline
 
Join Date: Mar 2003
Posts: 9
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Encrypt and password for PM

I'm in need of encryption for private messages. So that they are sent and read encrypted.

I'm also in need of a hack to password protect the PM's inbox for every user. Maybe in combination with the above mentioned encryption. Is anyone working on this or is there a hack that i haven't noticed ?

Regards.
Reply With Quote
  #2  
Old 03-21-2003, 02:46 PM
filburt1 filburt1 is offline
 
Join Date: Feb 2002
Location: Maryland, US
Posts: 6,144
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

PMs are never sent. They are just stored in the database with certain properties so it looks like somebody "sent" you a PM.

What's wrong with the current system of password protection? Any member needs to login to view their PMs.
Reply With Quote
  #3  
Old 03-21-2003, 02:53 PM
grov grov is offline
 
Join Date: Mar 2003
Posts: 9
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

What my users want is the possibility to have a password on the Inbox (a different password than their userpass). This is if someone would get hold of their userpass or use their computer and they're not logged out. In that way they won't be able to read the PM's.
Reply With Quote
  #4  
Old 09-30-2003, 06:58 AM
buro9 buro9 is offline
 
Join Date: Feb 2002
Location: London, UK
Posts: 585
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I have two requirements which are similar to this:

1) The login should never be persistent for personal information or options, even when the user has stated that their login is persistent.

Think of this as Amazon asking you to confirm your password to place an order, even though you were logged in and got your customised homepage and could add things to your wishlist.

If a forum user is logged in permanently, fine. But force the user to re-enter their password at certain points (changing e-mail address, viewing PM's) to prevent invasion of privacy or identity theft.

If a user is logged in on per-session authentication then this is not needed and the user has full access. It's an easy thing to check for, just store a value in the cookie and/or session table indicating the session type.

2) I would like PM's to be stored encrypted in the database and for there not to be an admin tool or means to read them (without some pain - i.e. coding something).

The simple reason for this is that my board is growing, and whilst I already have multiple mods and super mods... I am in need of multiple administrators to cope with things like my going on holiday. But these admins will be sourced from the forum users and I won't grant them 100% trust... I would like it that even though they may have access to MySql (SSH or PhpMyAdmin) that they are unable to read users private messages.

It's just too tempting for some, and I don't want to permit it so that the temptation is simply not there.
Reply With Quote
  #5  
Old 09-30-2003, 07:03 AM
buro9 buro9 is offline
 
Join Date: Feb 2002
Location: London, UK
Posts: 585
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by buro9
I have two requirements which are similar to this:

1) The login should never be persistent for personal information or options, even when the user has stated that their login is persistent.

Think of this as Amazon asking you to confirm your password to place an order, even though you were logged in and got your customised homepage and could add things to your wishlist.

If a forum user is logged in permanently, fine. But force the user to re-enter their password at certain points (changing e-mail address, viewing PM's) to prevent invasion of privacy or identity theft.

If a user is logged in on per-session authentication then this is not needed and the user has full access. It's an easy thing to check for, just store a value in the cookie and/or session table indicating the session type.

2) I would like PM's to be stored encrypted in the database and for there not to be an admin tool or means to read them (without some pain - i.e. coding something).

The simple reason for this is that my board is growing, and whilst I already have multiple mods and super mods... I am in need of multiple administrators to cope with things like my going on holiday. But these admins will be sourced from the forum users and I won't grant them 100% trust... I would like it that even though they may have access to MySql (SSH or PhpMyAdmin) that they are unable to read users private messages.

It's just too tempting for some, and I don't want to permit it so that the temptation is simply not there.
Needless to say the encryption on PM's would have to use mcrypt to be reversible, and that the forum would need to be running on an installation of Apache that included the mcrypt library.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:20 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.09392 seconds
  • Memory Usage 2,198KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (5)post_thanks_box
  • (5)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (5)post_thanks_postbit_info
  • (5)postbit
  • (5)postbit_onlinestatus
  • (5)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete