FUDforum - خوراک RDF
http://fudforum.org/forum/index.php
User Encrypted Content
http://fudforum.org/forum/index.phpindex.php?t=rview&goto=26315&th=5352#msg_26315
Wouldn't it be a great feature to implement something like user AES encrypted content tables? I thought about using a database function like described here:
to encrypt alle personal Data of Users and usergroups (like personal messages Forum Content etc.) - especially Personal Message encrypting would be easy to implement.
One could easily use the password hash of the user as an password for the AES function. It would enable true privacy an even administrator couldn't easily read the private data of users.
And - maybe an even bigger advantage - people accessing the Database not authorized (like by SQL Injections etc.) wouldn't have the chance to read out password hashes or personal data.
What do you think about that? I think that would be a hot feature and IMHO fudForum would be the first to have it.
bye
defa
]]>defa2005-07-13T16:43:43-00:00Re: User Encrypted Content
http://fudforum.org/forum/index.phpindex.php?t=rview&goto=26316&th=5352#msg_26316
Ilia2005-07-13T17:02:55-00:00Re: User Encrypted Content
http://fudforum.org/forum/index.phpindex.php?t=rview&goto=26317&th=5352#msg_26317
If you'd store the users Password hash AES encrypted und use the md5(user-input) as password to decrypt the password hash it would be diffcult for the attacker to steal the hash because it isn't stored in clear anywhere.
The point is - that in my eyes - it is a truly good feature. I am hosting a fudForum with about 400 users myself providing certain privacy. I would invest in AES Accellerating Hardware to make the Forum work good - if there would be forum the would support it.
But I understand if you don't want to implement such a feature as maybe there aren't enough people who actually need it. Probably I'll give it a try an patch a fudForum myself to see wether the idea works.