Hello There
I am wondering if its possible to encrypt a Post sourcecode. So for example when I post a Video in a BBCode post it will not show as plain in the sourcecode. It will show encryapted.
Hmm, I think the underlined assumption is wrong.If you did, then you would need to store the decryption key on your server alongside the post, making the entire process a complete waste of your time as anyone with access to your database also has access to decrypt your post.
I think you're a little bit caught up in the semantics of using the word "database" rather than "server" in this case. In order for a post to be displayable in the browser without the manual input of a decryption key, the decryption key will need to be stored either on disk or in the database (which is the same thing, really, as databases are files too).If post content is encrypted/decrypted before being sent to/received from the database using a key that is not stored in the database, a person who only has (full) access to the database (which might be on completely different server) does not automatically also have access to the key.
You just defeated your own point there. Although it may not be as easy with XenForo storing merely class loading instructions rather than actual PHP code directly in the database, there are still plenty of ways for a malicious attacker with DB access to gain access to your files as well, thus defeating the encryption of posts.If the data stored in the database also does not allow to gain access to that key I don't see a way how this person could decrypt the data unless there are (unknown) attack vectors that would allow access to the key by manipulating the DB (eg. using a PHP callback, etc.).
Encrypting a post is pointless in every single scenario except for a case where two members want to share content privately and they have exchanged the decryption key outside of your forum.
As pointed out before, there is a difference in having access to the database and having access to the filesystem.the decryption key will need to be stored either on disk or in the database (which is the same thing, really, as databases are files too).
Now I'm going to flip it around and get into semantics; having write access to the filesystem is very different to having read access.As pointed out before, there is a difference in having access to the database and having access to the filesystem.
Having access to the filesystem usually makes it very easy to gain access to the database, the crendentials are usually available in plaintext files.
On the other hand, having (limited) access to the database (for example via a SQL injection) does not necessarily allow easy access to the filesystem.
We use essential cookies to make this site work, and optional cookies to enhance your experience.