I want to have a form for users on a website where the messages are encrypted, so that not even the hosting company or the super administrator can read them. Only people in the same team can read the messages, but the messages are still hosted on the server. How to do this?
Asked
Active
Viewed 89 times
0
-
What privileges do the "super admin" have? Can he read the database contents directly? If the site is supposed to be able to show the content to the team members, there has to be a way for the system to read it. And any server user with full privileges everywhere would be able to read whatever is on the system - so it all comes down to what you mean by "super administrator". – Tomas Aschan Jan 24 '10 at 19:50
-
is the windows Administrator the highest access? – Jan 24 '10 at 19:53
1 Answers
1
You could do the encryption with JavaScript on the client side. See this question for a few suggestions.
However, you're still susceptible to interference from malicious administrators editing the JavaScript. I can't really see a way around that; you can't trust code running on an untrusted server.
Community
- 1
- 1
Nicholas Riley
- 43,532
- 6
- 101
- 124
-
Well, there is homomorphic encryption, which hasn't been realized yet, but might be in the future: http://en.wikipedia.org/wiki/Homomorphic_encryption – Pimin Konstantin Kefaloukos May 02 '12 at 17:09