Discussion in 'Off Topic' started by whynot, Mar 19, 2011.
Are not they private?
Only insofar as they are not shared with the public at large. Administrators can view 'private' messages using a tool like phpMyAdmin on every forum system of which I am aware.
It's true...they can even view messages in a backup...
...but it is not nice from an admin to give all those private conversations to a third party.
I have to wonder how else he'd be able to properly test it with a vast amount of real data that he doesn't otherwise have?
Besides, I'd be more concerned about names, emails, and other highly personal information we hand over so easily in many other places online than about what a few members on a site are talking about, which more often than not is unimportant. If you're not comfortable handing over that information, then don't.
Anyway, I'm excited to see this over as that means more XenForo customers are on the way over.
No I won't.
A few from IPB,yes.
IPB isn't as bad as VB4 is.
Presumably that includes handing databases over to 3rd parties who do imports?
Or giving access to support staff for troubleshooting?
If you do an import for someone you don't need to go through the database visually and read the content.
Most of the times I do not get to see any threads, posts, nor is there a need to even look up any personal msgs. The only reason you'd go to the public forum after an import is to view if the forum structure is there, if a thread loads and doesn't look broken and if the forum statistics look like things went fine.
A preview can be given to the owner of the site who can review the content - it's their forum after all.
I see no reason (for the imports that I do for others) to scan through a database, read content from threads, etc. It's all back-end stuff. And it's a courtesy towards those who trusted you with their database.
After all, if one is interested in the content, they can just sign up on the site when it runs live and read the posts.
This is also why I would do an import via a professional, rather than someone who says: this should be easy, I will do it for free or $4, trust me .. I won't resell your .sql on digitalpoint.com or flippa.com
An admin can always empty the PM table before handing over the data for testing.
True but that defeats the purpose of part of the test to ensure that PMs in IPB transfer over properly.
Run a query to replace the PM content with dummy text.
Emails and passwords would be more of an issue than PM's more than likely (Unless someones like sharing banking information, and then they're already incapable of keeping private information private ).
It would be interesting to see an addon that used public/private keys to encrypt PM's.
If it's for testing a converter - sanitise the data by installing a test copy of the forum and filling it with dummy content.
If it's for someone to convert it for you, either get some feedback from the community to vouch for the professionalism of the person/company, or get an agreement that all data supplied for converstion is destroyed afterwards. (I know that, technically, you can't stop someone making and sharing a copy of your data - but at least you'd have some recourse if they do!).
I think the "ideal" though, is for the forum makers to offer a conversion service themselves - at least that way there shouldn't be any trust issues.
I'm sure Kier would prefer to read your users' PMs than finalise an IPB importer and make some money for XenForo Ltd.
In terms of dealing with private data, I would just export the PM table and replace the text with dummy text (but ensure everything else stays the same), then reimport the original PMs after the conversion has taken place.
Which would make the test useless.
Clearly some people believe so. Then again, some people go round with tin foil hats on.
If people arent prepared to provide real world data for testing, then they cant complain if it fails on a real world import. I've already encounted this while doing the vb4 importer - people report an issue I cannot replicate [without access to their data] and they wont provide the access - which simply means I wont be able to fix their issue.
Why on earth anyone thinks people writing importers have nothing better to do than read the posts, PM's or whatever of people they have no connection with is beyond me - I certainly have better things to do with my time.
I do think it would be nice if there was even an uber basic md5 hash for PMs at least it would keep it away from prying eyes, would be useful esp. in the event some rtard admin had the pm table publicly visible(I'm bad at situations...)
At some point there needs to be trust. If nothing else trust in your hosting provider not to play games with your database. In theory google you read the gmail too.
Personally I would be far more concerned with the information in our private forums being displayed than our members PMs.
Separate names with a comma.