Search found 525 matches

by Senky
Mon Jul 15, 2019 5:43 am
Forum: Extensions in Development
Topic: [DEV] Encrypted PMs
Replies: 78
Views: 2654

Re: [DEV] Encrypted PMs

FredQ wrote:
Sat Jul 13, 2019 6:20 pm
...browser will decrypt the message for you - not phpBB at that stage. Same for the encryption, the message is encrypted by the browser before sending...
This is already part of the specs.
by Senky
Fri Jul 05, 2019 7:01 am
Forum: Extensions in Development
Topic: [DEV] Encrypted PMs
Replies: 78
Views: 2654

Re: [DEV] Encrypted PMs

thecoalman wrote:
Thu Jul 04, 2019 10:44 am
...how difficult would it be to extend this to admin selected custom profile fields? e.g admin creates a hidden phone number field and the data would only be accessible by the admin using a master key...
Not very difficult, interesting use case. ;)
by Senky
Thu Jul 04, 2019 7:50 am
Forum: Extensions in Development
Topic: [DEV] Encrypted PMs
Replies: 78
Views: 2654

Re: [DEV] Encrypted PMs

It is in an early stage, no download is provided, yet.
by Senky
Mon Jul 01, 2019 12:38 pm
Forum: Extensions in Development
Topic: [DEV] Encrypted PMs
Replies: 78
Views: 2654

Re: [DEV] Encrypted PMs

Well, there just isn't a simple way to restore all encrypted messages with a single click. That would beat all the purpose of the ext.
by Senky
Mon Jul 01, 2019 7:37 am
Forum: Extensions in Development
Topic: [DEV] Encrypted PMs
Replies: 78
Views: 2654

Re: [DEV] Encrypted PMs

That does raise an interesting point. What happens if the extension is disabled? Can no PMs be read? @EA117 - Technically when an extension is disabled AND the data deleted it should leave the board in the same state as it was before the extension was enabled. Only encrypted PMs couldn't be read. A...
by Senky
Fri Jun 28, 2019 6:00 am
Forum: Extensions in Development
Topic: [DEV] Encrypted PMs
Replies: 78
Views: 2654

Re: [DEV] Encrypted PMs

I can't allow moderators to look at them. If every moderator owned a key for every message, it beats the whole purpose. But moderators would only be able to read them if they were reported to them. Reporting of messages MUST remain as a feature. This could potentially be done by adding all moderato...
by Senky
Thu Jun 27, 2019 1:47 pm
Forum: Extensions in Development
Topic: [DEV] Encrypted PMs
Replies: 78
Views: 2654

Re: [DEV] Encrypted PMs

canonknipser wrote:
Thu Jun 27, 2019 11:18 am
This is a step back, I think.
I understand your points, it really is much simpler with using reporting button. But in order for messages to be truly encrypted, I can't allow moderators to look at them. If every moderator owned a key for every message, it beats the whole purpose.
by Senky
Thu Jun 27, 2019 10:33 am
Forum: Extensions in Development
Topic: [DEV] Encrypted PMs
Replies: 78
Views: 2654

Re: [DEV] Encrypted PMs

canonknipser wrote:
Thu Jun 27, 2019 9:48 am
What about reporting a encrypted PM? Do the moderators handling the report need the keys as well?
You won't be able to report the PM directly. You can, however, forward it to the moderator in decrypted form.
by Senky
Thu Jun 27, 2019 7:48 am
Forum: Extensions in Development
Topic: [DEV] Encrypted PMs
Replies: 78
Views: 2654

Re: [DEV] Encrypted PMs

Okay. Something about that seems "impossible", since having access to the DB and the file system gives the site owner(s) access to everything the extension has access to, and the extension is able to decrypt them. But perhaps there is still a piece that is not described or not being taken into acco...
by Senky
Wed Jun 26, 2019 1:36 pm
Forum: Extensions in Development
Topic: [DEV] Encrypted PMs
Replies: 78
Views: 2654

Re: [DEV] Encrypted PMs

That's why a master-key is needed as I mentioned above :) Master key hold by the admin is a no-go. That actually beats the main purpose. Although I understand this might protect your messages from outside threats, the aim of this ext is to protect it even from the inside ones. So there can be a rec...
by Senky
Wed Jun 26, 2019 12:13 pm
Forum: Extensions in Development
Topic: [DEV] Encrypted PMs
Replies: 78
Views: 2654

Re: [DEV] Encrypted PMs

I would honestly suggest for this to be added to the core of phpbb without the possibility to turn it off or making it on/off per user outside of admin's reach. That is not ideal. The "problem" with the encrypted PMs is that when you forget your password, you won't get them back. You loose them all...
by Senky
Wed Jun 26, 2019 7:14 am
Forum: Extensions in Development
Topic: [DEV] Encrypted PMs
Replies: 78
Views: 2654

Re: [DEV] Encrypted PMs

So, if a board admin owns all encryption keys, what can technically prevent the admin from decrypting encrypted PM? No, he doesn't own the private key. He only owns a hash of private key. It's the same thing as with passwords. Admin can see the hashes, but will never know the real password. Sure, a...
by Senky
Tue Jun 25, 2019 2:40 pm
Forum: Extensions in Development
Topic: [DEV] Encrypted PMs
Replies: 78
Views: 2654

Re: [DEV] Encrypted PMs

Are encryption keys going to be stored in the database? Yes, every user will have a public key (used to encrypt message for him/her) stored along with an AES-encrypted private key (used to decrypt the messages). The password used to encrypt the private key is derived from the user password (its has...
by Senky
Tue Jun 25, 2019 1:24 pm
Forum: Extensions in Development
Topic: [DEV] Encrypted PMs
Replies: 78
Views: 2654

[DEV] Encrypted PMs

Hi everyone! You see, there is an extension for reading user private messages. Am I the only one feeling bad for this? It should be the other way around, we should show the users how much we value their privacy. As admins, we are responsible for building trust in our communities. That's why I am dev...
by Senky
Mon Jun 10, 2019 8:55 am
Forum: Extension Writers Discussion
Topic: Routing (or maybe not)
Replies: 3
Views: 292

Re: Routing (or maybe not)

Just call the controller directly. Load the controller object using DI container and call the same method that routing is calling.

Go to advanced search