• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.4 Conversations (PM) Privacy

sgr

Active member
#1
Hi,

Looks like all conversations are stored unencrypted inside the database, and whoever has access to the database can read them.

Is there an option to encrypt them, in order to enhance the privacy on a forum?

I haven't used other forum softwares (IPB/VB), but is it like this in them too (PMs stored unencrypted)?
 

Brogan

XenForo moderator
Staff member
#2
There is no configurable option to encrypt that content.

If I remember rightly, phpBB also stores it in plain text.
I can't comment on any other scripts as I haven't used them.
 

Jeremy

Well-known member
#3
vBulletin stores them unencrypted too. Pretty standard practice and I don't know of a software that attempts to hide them in the database.
 

Alfa1

Well-known member
#4
Only the administrators and host theoretically have access to conversations in the database. In practise there are very few administrators that actually go into the database to search them.
However, in case of unlawful activity, rules breaches or abuse its wise to have access to conversations, so that you can deal with it when needed.
 

Daniel Hood

Well-known member
#5
Encrypting them in the database would be kind of pointless. In most cases, people that have access to the database would also have access to the file system which would leave them with the ability to get the code to decrypt them (since you would have to be able to decrypt them to show the members). The reason passwords can be encrypted is because there is no need to get them back into plain text anywhere.
 

sgr

Active member
#6
Encrypting them in the database would be kind of pointless. In most cases, people that have access to the database would also have access to the file system which would leave them with the ability to get the code to decrypt them (since you would have to be able to decrypt them to show the members). The reason passwords can be encrypted is because there is no need to get them back into plain text anywhere.

Yeah. Good point.