1 zebproctor Jan 30, 2006 21:31
3 zebproctor Jan 31, 2006 16:00
Nate wrote:
Your posts are not stored in files accessible through your ftp server, they are stored in a database on your web server. Your posts are not encrypted, but the password you use to access your posts is encrypted.
A post that is marked "private" will not show up on your blog unless the person who posted it is logged in (then only they will see it). I'm not sure if all members of your blog who have the right group privileges will see the post or not. It's probably configurable.
So what would it take to get access to that file where the posts are stored? And I sure wish I could find what privileges would give someone access to my private posts so I could make darn sure I never check that. I've skimmed through most of the manual and played around with the setting with a "test" private post and logging in as other users, but to no avail.
4 personman Jan 31, 2006 16:02
For someone to see a private post, they would have to have your b2evolution username and password or your database username and password.
5 zebproctor Feb 01, 2006 14:09
personman wrote:
For someone to see a private post, they would have to have your b2evolution username and password or your database username and password.
So is there are there any plans to add encryption to posts in the future? Or is everyone happy with this level of security?
6 nate Feb 01, 2006 15:08
I think the weakest link in this setup is the username/password used to administer b2e, and I don't see how encrypting posts would help in that area.
7 village_idiot Feb 01, 2006 15:21
the difference between Davidrm Journal and nearly any blog application is that Davidrm Journal is strictly a software application that site on your hdd, just like Office, while a blog is an internet application.
Blogging software is generally used because bloggers want to be read (aside from a few protected posts, for some folks).
If the majority of what you write is stuff you wouldnt want shared, I see no reason to go with any blog application, including b2evo.
As for security in general, anything put up on the Internet, or used across the Internet has inherent risks. The mere act of getting online puts "stuff" at risks, but yes, most people are comfortable with those risks when and if, they choose to blog.
** And no, ive not heard of any plans to encrypt post content. Reasoning for doing is flawed, as most bloggers WANT to be read. Content being compromised isnt an issue, generally.
8 zebproctor Feb 01, 2006 16:54
whoo wrote:
the difference between Davidrm Journal and nearly any blog application is that Davidrm Journal is strictly a software application that site on your hdd, just like Office, while a blog is an internet application.
Blogging software is generally used because bloggers want to be read (aside from a few protected posts, for some folks).
If the majority of what you write is stuff you wouldnt want shared, I see no reason to go with any blog application, including b2evo.
As for security in general, anything put up on the Internet, or used across the Internet has inherent risks. The mere act of getting online puts "stuff" at risks, but yes, most people are comfortable with those risks when and if, they choose to blog.
** And no, ive not heard of any plans to encrypt post content. Reasoning for doing is flawed, as most bloggers WANT to be read. Content being compromised isnt an issue, generally.
Oh, I'm with you 100%. I sincerely wish I could stick with DavidRM's software for security reasons, but unfortunately I'm on the road 50% of my time, and would like to have a "journal" available to post on when I'm on the road (since I usually have more free time on the road than at home). I would say about 25% of my posts are of a private nature, and also understand that there are inherent risks to having those on the internet.
Having said that, I see no reason that there can't be enough security in place to keep those posts out of the hands of those that shouldn't see them (ie my family seeing posts of my disguist with their interference in my wife and I's life, my wife seeing posts of me tired of her bickering to confront my family, etc) If a hacker get's ahold of my posts, no biggie, but if my friends and family were to see some of the things I post, all hell would break loose.
Plus, those posts that aren't private, I do enjoy having available to the public.....
I guess this would all be a moot point if I could figure out how to post to my DavidRM software from the road, and to get the "export to a blog" feature working.
9 zebproctor Feb 01, 2006 17:08
WOW, I just checking in "The Journal" and b2evolution has a default profile for exporting posts from the journal, neat stuff!
10 topanga Feb 01, 2006 17:34
if it's not the hackers you are affraid of, then there is absolutely no need to get posts encrypted.
Your only flow is your username and password.
Pick some that is not at all trackeble by your loved ones.
For the rest, there is no need to make it more secure, because it is as secure as possible.
Even if posts would get encrypted, then they can be read once you put in the correct username and password.
11 zebproctor Feb 01, 2006 17:50
Topanga wrote:
if it's not the hackers you are affraid of, then there is absolutely no need to get posts encrypted.
Your only flow is your username and password.
Pick some that is not at all trackeble by your loved ones.For the rest, there is no need to make it more secure, because it is as secure as possible.
Even if posts would get encrypted, then they can be read once you put in the correct username and password.
good point. thanks for your time.
Your posts are not stored in files accessible through your ftp server, they are stored in a database on your web server. Your posts are not encrypted, but the password you use to access your posts is encrypted.
A post that is marked "private" will not show up on your blog unless the person who posted it is logged in (then only they will see it). I'm not sure if all members of your blog who have the right group privileges will see the post or not. It's probably configurable.