Log on:
Powered by Elgg

Career Cybercounseling :: Blog :: A question about Elgg security, privacy and confidentiality

October 08, 2005

user icon
Career Cybercounseling - Pete Hubbard

A question about Elgg security, privacy and confidentiality

I'm about to embark on a project to use Elgg as a platform for a model for career cybercounseling and I (and others will) have a concern about Elgg security, confidentiality and privacy.

I know that access control via “access restrictions” is one of the strongest features in Elgg, but, not being a hacker, I don’t know HOW secure it is.

Does Elgg use encryption?

How hard would it be for someone with less than hacker capability to access a post that has an access restriction other than "public"?

Keywords: access control, access restrictions, confidentiality, Elgg security and confidentiality, encryption, privacy, security

Posted by Career Cybercounseling - Pete Hubbard

Comments

  1. The most obvious way is to steal their username and password in the real world - so called "social hacking" which I think is probably still the #1 method of gaining entry. Equally, someone could be foolish enough to tick the 'remember me' box on a public computer. (Passwords, you may recall, are encrypted in the database.)

    To gain access to the database, which doesn't encrypt private entries (although that's something to think about for a later release), would require (1) admin access to the server, and (2) admin access to the database on the server. The only way in is through a fairly hardcore hack.

    Ben WerdmullerBen Werdmuller on Sunday, 09 October 2005, 15:01 CEST # |

You must be logged in to post a comment.