A question about Elgg security, privacy and confidentiality

October 08, 2005

I'm about to embark on a project to use Elgg as a platform for a model for career cybercounseling, and I have (and others will have) a concern about Elgg security, confidentiality and privacy.

I know that access control via “access restrictions” is one of the strongest features in Elgg, but, not being a hacker, I don’t know HOW secure it is.

Does Elgg use encryption?

How hard would it be for someone with less than hacker capability to access a post that has an access restriction other than "public"?

Posted by Career Cybercounseling - Pete Hubbard


Comments

  1. The most obvious way is to steal their username and password in the real world - so-called "social hacking", which I think is probably still the #1 method of gaining entry. Equally, someone could be foolish enough to tick the 'remember me' box on a public computer. (Passwords, you may recall, are encrypted in the database.)

    To gain access to the database, which doesn't encrypt private entries (although that's something to think about for a later release), would require (1) admin access to the server, and (2) admin access to the database on the server. The only way in is through a fairly hardcore hack.

    Ben Werdmuller on Sunday, 09 October 2005, 15:01 CEST