1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.2 Encrypting XF Data store?

Discussion in 'XenForo Questions and Support' started by Main Company, Feb 17, 2014.

  1. Main Company

    Main Company Active Member

    We're setting up a XF instance for a small private group of collaborators and I'm hoping to take as many precautions as possible to secure the data. Hence, I'm looking into the possibility of installing TrueCrypt on the server in order to encrypt the attachment directory. But I have no idea where forum data is stored and whether I can also encrypt or protect this data in any other way. Does anyone have any experience with methods for securing forum content, as I'd be interested in your various solutions.

    By the way, we're installing an SSL cert so that all page is done over https. But that doesn't protect the data if the server is compromised.
     
    Last edited: Feb 17, 2014
  2. Jeremy

    Jeremy XenForo Moderator Staff Member

    The forum attachments are located within the data/ and internal_data/ directories.
     
  3. Main Company

    Main Company Active Member

    Right, but where are posts stored?
     
  4. Jeremy

    Jeremy XenForo Moderator Staff Member

    The database.
     
  5. Main Company

    Main Company Active Member

    MySQL? I assume on the local disk, but where?

    So, if MySQL, would I be able to create an encrypted volume on the local disk and tell MySQL to place its data directory in the encrypted volume?

    And, if this is possible, has anyone done this?
     
  6. Jeremy

    Jeremy XenForo Moderator Staff Member

    I have no experience in encryption. Talking with your host would be the best recommendation on how to see if encrypting your database is possible. They'll know your specific server set up.
     
  7. Main Company

    Main Company Active Member

    Will do. I was just curious if anyone has actually taken these sort of precautions. I know I don't want my content getting into a hacker's hands.
     
  8. Main Company

    Main Company Active Member

    Oh, and just to make sure we're on the same page, I'm not trying to encrypt the db, I'm just hoping to locate the db within an encrypted volume. So, once the machine is booted and the volume mounted, XF should be able to communicate with the db normally. It just means that if anyone tries to reboot the machine in order to hack-in, they won't be able to mount the encrypted volume where the XF db is stored, and hence won't be able to gain access to the db.
     
  9. Mike

    Mike XenForo Developer Staff Member

    It sounds like you just want whole disk encryption. If you only encrypt some of the data, you couldn't rely on the binaries not being tampered with, for example (which would allow your data to be accessed later).

    That said, once the server is running, the door is unlocked. I would suggest that someone is more likely to get access to your server via software than via physical access, for example.
     
    HWS likes this.
  10. Main Company

    Main Company Active Member

    We are seeking to encrypt a volume only because I don't think my host will give me full disk encryption, but yes, at least I am closing the door on physical intrusion by also including something like Tripwire to monitor binaries, which should at least notify me of binary changes before remounting the encrypted volume after a reboot. In that scenario, I guess I can at least choose to re-deploy another instance of the machine with a copy of the data, rather than continuing to use a machine where the binaries have been compromised, potentially exposing the data. I just don't want to experience what happened to Kickstarter recently, so while it's not perfect, hopefully I can prevent someone from being able to run off with my data.
     
    Last edited: Feb 18, 2014

Share This Page