[JDEV] Encrypting logs
Michael Brown
michael at aurora.gen.nz
Mon Sep 3 09:18:19 CDT 2001
Is this different from message history?
Storing message history on the server in it's encrypted form is the only
solution that makes sense. To do that you need strong client-client
encryption, and I'm not sure what would happen if the user decided to change
his or her public/private keys - I guess the whole database would have to be
converted somehow. Hmm....
Anyway, best to move the question over to the Security list.
Michael.
> I'm going to be adding logging functionality to my client but I'm a
> bit uncomfortable about storing it in plain text by default.
>
> One way I though of doing things was to encrypt it all using the users
> jabber password, this would work fine until the user decided to change
> they're password using a different client...
>
> Maybe I could use a password stored in private XML storage on the
> server, the password could itself be encrypted using a locally stored
> password, thus an attacker would need access to both the users machine
> and the users Jabber account in order to decrypt they're log files.
>
> Does any one have any thoughts on this or has anyone found a good way
> of doing it?
>
> Thomas Parslow (PatRat) ICQ #:26359483
> Rat Software
> http://www.rat-software.com/
> Please leave quoted text in place when replying
>
>
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
More information about the JDev
mailing list