peter.e.lind at gmail.com
Sat Jan 14 12:36:27 CET 2012
On 13 January 2012 17:59, Peter Lind <peter.e.lind at gmail.com> wrote:
> On Jan 13, 2012 5:48 PM, "Andreas Hennings" <lemon.head.bw at googlemail.com>
>> I think there are different "crypt" methods on the dev db checkout, and on
>> The "cheap" method on the dev db is just to wrap stuff into <crypt> tags,
>> something like that. The purpose is probably that developers still want to
>> be able to read it.
>> On production, I assume the values are really un-human-readable.
>> 2012/1/13 meinhard benn <meinhard at bewelcome.org>
>>> hi everybody,
>>> i am wondering since a while what the whole "crypted value" business is
>>> about. as far as i can see all values in the BW_CRYPTED database are in
>>> clear text. am i missing something, or why do we write personal data to
>>> a separate database?
>>> cheers, meinhard.
>>> bw-dev-discussion mailing list
>>> bw-dev-discussion at bewelcome.org
> There is no encryption on the database - only pretend. In fact, I proposed
> dropping the "encryption" a while back and the board backed it - so it
> should really be done away with.
Quick note: that decision was based upon the premise that no one had
come up with a proper working scheme. In theory, it could be as simple
as the admins knowing the secret key and initializing things upon
server startup, keeping the key (or a derivative or whatever) in
memory only. Nobody actually did anything to implement proper
encryption, and the only other proposed solutions were (if memory
serves) as pointless as what there is now.
I would personally await the switch to drupal and the focus efforts there.
WWW: plphp.dk / plind.dk
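
Added example, not part of the original message or of the BeWelcome code base: a sketch of the scheme mentioned in the message above, where an admin supplies the secret at server startup and only a derived key is held in process memory. The class name `FieldCrypter`, the passphrase, the salt and the context strings are assumptions constructed for illustration.

```javascript
// Added example (not BeWelcome code): the key is derived at startup and kept in memory only.
const crypto = require('node:crypto');

class FieldCrypter {
  #key = null; // never written to disk or to the database

  // Called once at server startup with the secret an admin types in.
  // The salt is not secret and may live in a config file.
  unlock(passphrase, salt) {
    this.#key = crypto.scryptSync(passphrase, salt, 32);
  }

  // Overwrite and drop the key, e.g. on shutdown.
  lock() {
    if (this.#key) this.#key.fill(0);
    this.#key = null;
  }

  // Returns base64(iv || tag || ciphertext); `context` binds the value to its row and column.
  encrypt(plaintext, context) {
    if (!this.#key) throw new Error('key not loaded: server was not unlocked');
    const iv = crypto.randomBytes(12); // fresh nonce for every value
    const cipher = crypto.createCipheriv('aes-256-gcm', this.#key, iv);
    cipher.setAAD(Buffer.from(context, 'utf8'));
    const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
    return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
  }

  // Throws if the key is missing, the value was altered, or the context differs.
  decrypt(stored, context) {
    if (!this.#key) throw new Error('key not loaded: server was not unlocked');
    const raw = Buffer.from(stored, 'base64');
    const decipher = crypto.createDecipheriv('aes-256-gcm', this.#key, raw.subarray(0, 12));
    decipher.setAAD(Buffer.from(context, 'utf8'));
    decipher.setAuthTag(raw.subarray(12, 28));
    return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
  }
}

// Constructed sample values; a real server would prompt the admin for the passphrase.
function demo() {
  const fc = new FieldCrypter();
  fc.unlock('constructed admin passphrase', Buffer.from('constructed-salt-16b'));
  const stored = fc.encrypt('alice@example.org', 'members.email:42');
  const back = fc.decrypt(stored, 'members.email:42');
  fc.lock();
  return { stored, back };
}
```

A database dump taken without the running process contains only the base64 values; the trade-off is that every restart needs an admin present to unlock the server.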