aaroncm

Encryption was just something I was considering throwing in, for the hell of it. Before I started this thread I didn't know much about it, I assumed I could throw in a few function calls and have some semi-decent security, but I guess not. I can see how it can be more trouble than it's worth. I don't need to encrypt message data, I just thought it would be something users would like. But like you have stated, the data is, for the most part, never going to be 100% secure. Thanks for the input. I still might play around with it anyway. (Also, Administrator Gizmola, do all posts have to be approved by a Moderator? Am I meant to have an email verification message or something because I haven't gotten one?) Thanks!

No I understood you fine. The message data isn't encrypted, unless the users manage it themselves. That's fine. I just didn't know what was the norm when it came to this sort of thing. So I've decided the messaging data can stay stored as plain text, and I'll limit chat history. And obviously keep the login password encryption.

Thanks for the advice. That does make sense. So basically, when it comes down to data privacy, most of the time someone's going to have access, and it's reliant on a trustworthy person more than encryption? That's fine. I wasn't 100% sure on how to go about the project when it came to user security and privacy. So are you saying it's common practice for chat data to be stored as plain text? For me it just wouldn't feel right being able to see other people's chat history. I'll just avoid it. I planned on making a chat system kind of in between instant and private messaging type. So I'll probably set a limit on message storage. Maybe 100 max history chat messages or something. Any further input is highly appreciated. Thanks a lot!!

Hi Guys, First off, not sure if this is the correct area to post. My question is a little bit mixed, including SQL and PHP. I'm building a basic private messaging system, and planned to use PHP, SQL for the storage, and a little bit of JS on the client. I'm a little confused when it comes to encryption though. My understanding with user password encryption is that the password is stored in the database as a hash, and then a user sent password is compared to the original hash for verification. I've implemented this successfully using password_verify() and password_hash() functions, and I'm pretty sure it's working fine. However, my big question is in regards to the storage of message data. As far as I can tell, this system won't work, it's really only suitable for password verification because the hash can't really be reverted to the original data, it can only be compared? How should I go about encrypting message data? Is it possible? If I open up a SQL database containing private message data on a server, I don't want to be able to read the contents. Any help would be greatly appreciated!