| Author |
 Topic  |
|
|
mikehawke
Starting Member
6 Posts |
 Posted - 31 January 2005 : 17:27:26
|
I'm the developer and administrator of a Snitz discussion board for an amateur sports organization to which my son is a member and I am a volunteer. The Executive are concerned that, as the developer, I would be able to see all the confidential discussions going on between members of the Executive. Some of these discussions might even be about my son! Is there any way that I can encrypt the T_MESSAGE and the R_MESSAGE columns so that even the developer cannot read the contents? I believe sha256 is one-way so I can't use it to decrypt... right?
If I can't figure this out, the discussion board is not going to fly. A member of the Executive had a nightmare situation happen to her in a previous club regarding this very situation and a devious volunteer developer/administrator.
Thanks in advance,
Mike |
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 31 January 2005 : 17:47:35
|
They are concerned you will see the posts in the database or in the forum?
If in the forum, you can demote yourself to a moderator status. An alternative would be using the UserGroups mod and restrict your account from that group (executive group) and allow only that group access to executive forums.
Is your role as the admin/developer a paid job or a volunteer job?
If not paid, why not finish working on the forum then remove yourself as the developer.
Allow the system admin for the site to change the passwords or limit your account from accessing the database.
Just thinking out loud. |
Support Snitz Forums
|
 |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 31 January 2005 : 17:48:46
|
| An interesting problem, however, when writing/developing software there should be a certain amount of trust involved, this is something as a developer I would never dream of, and would not get very much work if I did. In a situation like this where there is a conflict of interests, they should really look for another developer if they do not trust you not to look. |
|
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 31 January 2005 : 18:02:52
|
quote:
In a situation like this where there is a conflict of interests, they should really look for another developer if they do not trust you not to look.
I agree. |
Support Snitz Forums
|
|
|
|
mikehawke
Starting Member
6 Posts |
Posted - 01 February 2005 : 15:03:41
|
I agree that trust is what's needed but as I mentioned, the Exec has been burned before. They also have an outside service building their static website but each modification costs them $$$. I realize I can demote myself to 'moderator' but that doesn't solve some key problems.
First, as the developer and the 'owner' of the webspace on which the forum is stored, I have access to the database itself. Secondly, I am the only volunteer who is technically capable of administering the thing and building the ASP wrapper application for it. Believe it or not, some people just don't think this stuff is fun! If I could just find a way to encrypt the T_MESSAGE and R_MESSAGE columns with a seed (that I don't have access to), they would be happy and the forum would fly! (Of course they still have to trust me when I tell them I can't crack the encryption!)
|
|
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 01 February 2005 : 15:14:42
|
quote:
(Of course they still have to trust me when I tell them I can't crack the encryption!)
If they can trust you in encrypting the messages in the database and that you really really can't read the messages, then why can't they trust you that you won't read the messages, even if is un-encrypted?
I think if they need to keep a discussion private from you, that they do it via email, and not the forum. The rest of the discussions can be done on the forum.
To the encryption idea, if you going to encrypt the message, it has to also be decrypted when viewing the message in the forum. So I don't see much luck in doing that. |
Support Snitz Forums
|
|
|
|
mikehawke
Starting Member
6 Posts |
Posted - 01 February 2005 : 23:03:28
|
One of the forum's main objectives was to eliminate the inherent problems of trying to have an email committee meeting. Even if they trust me, I'm nervous that if someone on the Executive happens to slip up and start a rumour, I might get blamed for it because I have access to the database. No responsibility, just accountability! Of course this development stuff is just a hobby of mine so it's all free to this organization. I'm never happy with what they already has in place and I think I can build something better! I guess I'll just have to get voted on to the Executive and solve the whole problem! Thanks for your interest!
|
|
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 01 February 2005 : 23:56:00
|
I don't know what else to suggest to you. One of the reasons of being the owner and developer is that you have access to everything.
Good luck with it! |
Support Snitz Forums
|
|
|
|
Doug G
Support Moderator
USA
6493 Posts |
Posted - 02 February 2005 : 02:27:30
|
Sounds to me like either your son should go, or you should not do the forum.
Why put yourself into a potentially nasty situation? You are going to be tempted to look at stuff because you have a non-technical interest in what's going on. Tell them someone else will do the techie stuff.
|
======
Doug G
======
Computer history and help at www.dougscode.com |
|
|
|
mikehawke
Starting Member
6 Posts |
Posted - 03 February 2005 : 06:30:25
|
Thanks for all your input. I would never ask my son to leave the organization cuz he's having too much fun so I'll have to work it out somehow.
Best Regards... |
|
|
|
Podge
Support Moderator
Ireland
3775 Posts |
|
| |
Topic |
|
Topic Locked
