Feng Forum

Support => How To's => : editfish September 18, 2008, 01:34:00 AM

: Workspace Security?
: editfish September 18, 2008, 01:34:00 AM

I like the 'Properties' option with each added item, particularly with regards to the Weblinks.  I have been interested in using these to track various logins and passwords to the associated sites (not sharing the workspace with other users).

How secure is this with regards to the filesystem and/or MySQL?

Thus far I have been using mnemonics to enter the passwords (ie. 'reg+phone' or 'reg+reg+DOB'), but I am curious just how far this can be utilized securely?  Or am I completely misunderstanding the usage of this dashboard option?

Thanks!

: Re: Workspace Security?
: cabeza September 18, 2008, 08:21:28 PM

Hi editfish,
 properties are there for any particular use, completely multi-purpose. It is  simply metadata associated to an object. This metadata is only visible to users that can access the object itself. So the use you are giving to them sounds great.
Regarding security ... data is stored in a MySQL Server ... and the rest depends on you server configuration, permissions, etc.
Thanks,
Marcos

: Re: Workspace Security?
: conrado September 19, 2008, 11:15:16 AM

I would say you can trust it as much as you trust the people/company that can access that server with an admin -root- access level.

: Re: Workspace Security?
: editfish March 02, 2011, 11:57:22 AM

OK, so it's been a while since I started this thread, and have since moved my install to a SSL server, which, as I understand it, encrypts transmitted information (sent or received), but you are saying that the info in the database itself is NOT encrypted?

Are there any plans to encrypt some or all of the database, or will we always be dependent on the admins to not snoop through it?   ::)

This issue was brought back to my attention through the use of a small app (PHPChain) built specifically for storing encrypted passwords, and it would be great if it (or something similar) could be incorporated into Feng.

* PHPCHain - http://www.globalmegacorp.org/PHPChain/ (http://www.globalmegacorp.org/PHPChain/)

: Re: Workspace Security?
: franponce87 March 03, 2011, 11:30:20 PM

For the time being, yes, the information does not get encrypted when being written into the database, except for the passwords.

Best regards,
Francisco

: Re: Workspace Security?
: editfish March 03, 2011, 11:56:01 PM

Since there is already an encryption algorithm in place (for the passwords), how difficult would it be to expand it to include the 'custom properties' (custom data fields) added to object types through the administration panel?

(See attached mockup of what it might look like)