re: security ... My concerns about data integrity and security revolve around who has access to the server? How do you ensure security during the login procedure (lack of SSL for authentication for a single board isn't an enormous deal ... lack of SSL for a centralised system is)? How is data stored in the DB? Is it encrypted (and I mean encrypted ... not run through a non-encrypting algorithm a few times
) to reduce problems should the system be compromised? What legal framework do you have in place to cover yourselves and other users should the worst happen? Ya see there is a lot here to consider and I'm personally not convinced you've thought it all through ... no offence.
Only I have access to the Server root. We have an SSL Certificate from ComodoSecurityServicesCA which we will be installing later today for signups and Logins. The some data in the database is currently not Encrypted, for example the username, MSN, AIM ect, however the passwords are encrypted very highly. We have been notified by the Lawyer that as long as both parties agree, and that we have a good user agreement, then we are fine. When a user logs in, they are basically requesting us to send over their details, so its their choice whether to use it or not.
Rapid Dr3am can give you further information about this, as it was his Lawyer he contacted.
If you wish to contact me through MSN or any other method, please PM me and I will send you my contact details.
Thankyou, I understand that this is a big mod and will require alot of work put into the security and legal actions, but currently we have realy high security, and legal requirements are taking place right now.
James Parmee Morris
ps. Once more, We are in no way in connection with phpBB and all support questions should be sent to us!