Hello, i installed on my localhost a copy of mybb for evaluating / testing.
First, it's a amazing peace of src code :-)
But i found a few problems in the Database.
The problem: private messages aren't encrypted in the table.
for my version i already added a small symmetric encryption / decryption function.
i would suggest this in a previous version for mybb.(because the database admin don't have to read PMS or the data have to be protected from a leak)
Best regards
Thanks for the feedback; MyBB truly is a masterpiece
I don't believe any major forum softwares encrypt PM's. Even if you encrypt them, the database admin could still get in seeing as he would have access to the decryption codes.
Actually admins have the full right to read PMs. For anything illegal goes across them the admin can still be held liable since it's on their site/server.
(2012-08-30, 02:27 PM)Alex Smith Wrote: [ -> ]Actually admins have the full right to read PMs. For anything illegal goes across them the admin can still be held liable since it's on their site/server.
Surely this.
(2012-08-30, 02:30 PM)crazy4cs Wrote: [ -> ] (2012-08-30, 02:27 PM)Alex Smith Wrote: [ -> ]Actually admins have the full right to read PMs. For anything illegal goes across them the admin can still be held liable since it's on their site/server.
Surely this.
It's also helpful if users are harassing other users.
Yeah the only thing I can see as there being a reason for encryption is password, and possibly email.
(2012-08-31, 04:20 AM)RAND0M1ZER Wrote: [ -> ]Yeah the only thing I can see as there being a reason for encryption is password, and possibly email.
If you hashed the email, there would be no way to email users or run mass mail. Most hashing is one-way in that you need to take input from a user, hash using the database's algorithm, then compare.
(2012-08-30, 02:27 PM)Alex Smith Wrote: [ -> ]Actually admins have the full right to read PMs. For anything illegal goes across them the admin can still be held liable since it's on their site/server.
Sorry but there isn't any "full right" to do that. I think that in most countries it is illegal to read the private correspondence of other people.
(2012-08-31, 08:09 AM)ekerazha Wrote: [ -> ] (2012-08-30, 02:27 PM)Alex Smith Wrote: [ -> ]Actually admins have the full right to read PMs. For anything illegal goes across them the admin can still be held liable since it's on their site/server.
Sorry but there isn't any "full right" to do that. I think that in most countries it is illegal to read the private correspondence of other people.
Admins have the right to read other users' pms if for example there is some sort of fight between users, then their pms can contain important evidence material.
You agree to that when you sign up to a forum.
I am all for renaming Private Messaging to Messaging, honestly. Once that is done, you just need to add a bit about it in the ToS/RA.