"The good news is hell is just the product of a morbid human imagination.
The bad news is, whatever humans can imagine, they can usually create." - Harmony Cobel
thecoalman wrote: ↑Sat Oct 21, 2017 6:27 amsomeone that hacks into the server.
No, the database can still reside elsewhere or have its own encryption.
"The problem is probably not my English but you do not want to understand correctly. ... We will not come anybody anyway, nevertheless, it's best to shit this." Affin, 2018-11-20 ↑
"But this shit is not here for you. You can follow with your. Maybe the question, instead, was for you, who know, so you shoved us how you are." axe70, 2020-10-10 ↑
"My reaction is not to everyone, especially to you." Raptiye, 2021-02-28 ↑
thecoalman wrote: ↑Sat Oct 21, 2017 6:27 amsomeone that hacks into the server.
No, the database can still reside elsewhere or have its own encryption.
And how many sites phpBbB will have a setup like that? .0000000009%?
It would protect the database server but If your application server is hacked they have the private key and the credentials for the database server. It's not without merit but certainly no replacement for a system where the private key is held by the user and/or the admin alone.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”
Oh, if we want to talk about probability instead of facts I could post even more things to access private messages. My fault.
"The problem is probably not my English but you do not want to understand correctly. ... We will not come anybody anyway, nevertheless, it's best to shit this." Affin, 2018-11-20 ↑
"But this shit is not here for you. You can follow with your. Maybe the question, instead, was for you, who know, so you shoved us how you are." axe70, 2020-10-10 ↑
"My reaction is not to everyone, especially to you." Raptiye, 2021-02-28 ↑
AmigoJack wrote: ↑Tue Oct 24, 2017 6:59 am
Oh, if we want to talk about probability instead of facts I could post even more things to access private messages. My fault.
You are arguing in circles. It's not a matter of if they can be protected, it's a matter of implementing it.
Minimally they can be protected using the password as the private key. This would be far from 100% secure but would be better than nothing.
As it is now with crime syndicates and state backed hacking aggregating data from various sources steps that can be taken to protect users data should be taken.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”