Lack of interest Custom Field: Encrypted field & Maximum Data Storage Time

[Alpha1]

Over time I have encountered the need for this various times. When xenforo and xenforo addons are used to store sensitive information, it would be very important to store this encrypted and to allow for a maximum time the data is stored.

Some examples where this would be handy:

• Support tickets with personal information
• Conversations with personal information and login details.
• Bug tracking forums with ftp or login details or server details

It would be mighty handy if custom fields would allow us to give sensitive data, PII, login details for a limited time frame and in a secure manner.
After the set time the data would be removed.

To illustrate my point: vbulletin.com was hacked several times and the various login details in their system and their conversation system was used to hack a very large number of websites.

 

[S Thomas]

Since it's up to the addon dev which tables, methods, etc he's going to use, this cannot be enforced from a technical point of view. The only way of enforcing this would be through an addon policy, which then again would require manual work to undergo a safety check every and each single time an addon gets updated or released.

On the other hand, nothing actually is encrypted (not sure if I'm using this term correctly in this context..) other than credentials in stock XF I believe (messages, conversations, ....) and there is good reasons why not.

So that being said, let's take your scenario. A XF based forum gets hacked. There are ftp credentials in private support tickets stored.
(1) How would your staff see those credentials? If your answer is "with some kind of authentication", then, well, your forum is hacked, thus, authentication is in the hands of the hacker.
(2) If your staff can see the credentials and you can continuously add more staff members, so they can see that aswell - and your forum gets hacked - what's the point of encryption?

These are basic scenarios. tl;dr: What you actually are trying to seek is a "one-way encryption" (hashing). This obviously does not work if you need the data in plain text, there has to be a key to unlock the encrypted content, which in the case of a hacked forum won't provide you any kind of security.

 

[Jake B.]

The encryption key would need to live somewhere, so you'd either have to keep it on the server (which is bad for obvious reasons), or require any user that could potentially ever view encrypted content keep a copy of it. Even then you'll need to either have a single private key that every one of these users have, or have a private key associated with that content that has been encrypted using each of the users public keys, which could be quite a slow process if you have a lot of users that it would need to encrypt this for

 

[Kirby]

Even then you'll need to either have a single private key that every one of these users have, or have a private key associated with that content that has been encrypted using each of the users public keys, which could be quite a slow process if you have a lot of users that it would need to encrypt this for

Or you could use a symmetric key for data encryption and store one public-key encrypted copy of this key for each recipient, this is what GPG does.