XF 1.4 Conversations (PM) Privacy

[sgr]

Hi,

Looks like all conversations are stored unencrypted inside the database, and whoever has access to the database can read them.

Is there an option to encrypt them, in order to enhance the privacy on a forum?

I haven't used other forum softwares (IPB/VB), but is it like this in them too (PMs stored unencrypted)?

 

[Paul B]

There is no configurable option to encrypt that content.

If I remember rightly, phpBB also stores it in plain text.
I can't comment on any other scripts as I haven't used them.

 

[Jeremy]

vBulletin stores them unencrypted too. Pretty standard practice and I don't know of a software that attempts to hide them in the database.

 

[Alpha1]

Only the administrators and host theoretically have access to conversations in the database. In practise there are very few administrators that actually go into the database to search them.
However, in case of unlawful activity, rules breaches or abuse its wise to have access to conversations, so that you can deal with it when needed.

 

[Daniel Hood]

Encrypting them in the database would be kind of pointless. In most cases, people that have access to the database would also have access to the file system which would leave them with the ability to get the code to decrypt them (since you would have to be able to decrypt them to show the members). The reason passwords can be encrypted is because there is no need to get them back into plain text anywhere.

 

[sgr]

Encrypting them in the database would be kind of pointless. In most cases, people that have access to the database would also have access to the file system which would leave them with the ability to get the code to decrypt them (since you would have to be able to decrypt them to show the members). The reason passwords can be encrypted is because there is no need to get them back into plain text anywhere.

Yeah. Good point.