Quote:
Originally Posted by borked
hope so, and hoping it's a var/key that's readable cos when nats is not installed on the same server as say a support site, it's kinda hard to do include a nats file to be able to decrypt the email address.
Still, so long as a custom script could be made on the nats install to include the nats stuff to be able to decrypt the passwords, then it's all work-aroundable.
However, I'm with you - kinda pointless when you have mysql locked down to non-authorised IPs, which everyone should have anyway.
|
This is of course optional.
I really don't believe it is pointless. This is in place to try to help prevent email theft should someone gain access to mysql or a shell on the server. Every little bit helps and we want to do all we can to be as secure as possible. It is optional if you wish to not use it.
Also...
We have come up with a secure way to give a helper function to decrypt the emails if you'd like one for your helper scripts. Each client's emails are encrypted with a unique key. If you'd like, you can receive an encoded file with a function to decrypt both member and affiliate emails which is specific to your install. This can also of course be IP restricted. The function is called to encrypt (for search purposes) or decrypt a member or affiliate email. The IP restriction can also be setup to allow certain IPs to only be allowed to encrypt or decrypt and only be allowed to for members or affiliates (4 total combinations).
If you'd like to enable the encryption and/or get this helper script for your install please submit a ticket.