2016-12-26, 03:55 AM
So I have an idea which may or may not be outside the scope of MyBB but could improve the security of the system.
MyBB should encrypt the user tables (or at least the password, salt, and loginkey parts, maybe encrypt other things like the email address and IP Addresses, or the entire table, or even everything in the database) with a special key (randomly generated by the MyBB Core) that's inserted into the config.php file or the MyBB 2.0 equivalent.
Normal database calls would obviously not have access to this key and would only get an encrypted blob and not the real value, ONLY the login functions would have access to the key, so if your forum had an SQLi vuln or someone somehow gained database access, it would be useless when trying to access the user account table since each value would be encrypted.
Maybe a similar system (again with a separate key) could be implemented for private messages.
Obviously for performance reasons the entire database shouldn't be encrypted, only the values with sensitive, non-public information should be.
No Database Encryption Login:
- Get login attempt info from user
- Check against stored password hash and salt
- Accept or Reject Session
Database Encryption Login:
- Get login attempt info from user
- Decrypt stored password hash and salt and keep in temporary memory
- Check against temporary memory
- Accept or Reject Session
So what do you think about this idea? It'd provide a little more time for users to get the message so they wouldn't have to worry about the speed they changed their passwords at because the data would be inaccessible to the attacker for at least quite some time. I know it'd be quite a bit of extra development work but it could improve the login system and further protect users. Your thoughts?
Software Engineer specializing in C# Program Development
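
The "Database Encryption Login" flow proposed in the post above, sketched as an added example (not part of the original post and not MyBB code). Assumptions: the function names `seal_field`, `open_field` and `check_login` are hypothetical, the key that would live in config.php is generated inline, PHP's bundled sodium extension is available, and `password_hash()` output (which carries its own salt) stands in for the separate hash and salt columns.

```php
<?php
// Added illustration, not MyBB code. All function names are hypothetical.
// Assumption: in a real install this key would be read from config.php.
$fieldKey = sodium_crypto_aead_xchacha20poly1305_ietf_keygen();

// Encrypt one column value. The uid is bound as associated data, so a blob
// copied into another user's row fails authentication when decrypted.
function seal_field(string $plain, int $uid, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES);
    $ct = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($plain, "uid:$uid", $nonce, $key);
    return base64_encode($nonce . $ct);
}

// Returns the plaintext, or null if the blob is malformed, tampered with,
// moved between rows, or was encrypted under a different key.
function open_field(string $blob, int $uid, string $key): ?string
{
    $raw = base64_decode($blob, true);
    $n = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;
    if ($raw === false || strlen($raw) < $n + SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_ABYTES) {
        return null;
    }
    $plain = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
        substr($raw, $n), "uid:$uid", substr($raw, 0, $n), $key);
    return $plain === false ? null : $plain;
}

// Login path: the only code that is handed the key.
function check_login(array $row, string $password, string $key): bool
{
    $hash = open_field($row['password'], (int) $row['uid'], $key);
    if ($hash === null) {
        return false; // undecryptable row: reject rather than fall back
    }
    $ok = password_verify($password, $hash);
    sodium_memzero($hash); // drop the decrypted hash from memory
    return $ok;
}

// Constructed sample rows standing in for the users table.
$hash  = password_hash('correct horse', PASSWORD_DEFAULT);
$alice = ['uid' => 1, 'password' => seal_field($hash, 1, $fieldKey)];
$bob   = ['uid' => 2, 'password' => $alice['password']]; // blob copied across rows

var_dump(check_login($alice, 'correct horse', $fieldKey));
var_dump(check_login($alice, 'wrong guess', $fieldKey));
var_dump(check_login($bob, 'correct horse', $fieldKey));
```

This protection holds only while the attacker's access stops at the database: anyone who can also read config.php obtains the key along with the rows.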