Serendipity Forums

Actually, encryption is not yet implemented. There are two main reasons for this:

1. It hurts performance. A Lot.

2. Encryption of the DB files is a very obscure concept which should only be used in very special cases.

In the case of Serendipity, it would be not useful to encrypt the data. The reason is that Serendipity needs to decrypt its contents to display them. That means the decryption logic needs to be stored in the PHP files.

That in turn means, every attacker to the PHP files will be able to decode the MySQL Data.

The only way encoding mysql data would make sense is, if your MySQL server is open to the public from a server where your blog is not stored. Then you have to physically different sources and could ensure the validity of the MySQL data. In ever different case, a person that is able to hack himself to MySQL would also be able to hack the PHP files and decode the MySQL data.

Best regards,
Garvin

Encryption:

As far as performance goes, I can imagine it'd hurt. I understand I'm asking for something out of the ordinary. I can't imagine people using this plugin for any application other than the one I'm talking about (which is why I volunteered the labor).

Accessing the password should likely involve a function call which reads a file on a USB key that contains the encryption/decryption keys which would need to be used every time the database is accessed - pull the key and the database is useless.

All of this work will be happening on my local machine or a LAN server which does little else. I can deal with the CPU consumption.

The above use of a USB key should negate the insecurities associated with simply giving the PHP code the encryption/decryption keys.

Yes, I'm being freaky, by choice. But this is for my journal - I don't want anyone reading it without me being there.

I could probably wade through the s9y code myself, and waste a few hours creating my own proprietary version. I'm betting someone else out there has some use for this software, which is why I ask how to write a plugin for this.

If this isn't something you guys would find valuable to have, let me know and I guess I will hack it myself.

Hi!

All of this work will be happening on my local machine or a LAN server which does little else. I can deal with the CPU consumption.

I see, now this all makes much more sense.

I could probably wade through the s9y code myself, and waste a few hours creating my own proprietary version. I'm betting someone else out there has some use for this software, which is why I ask how to write a plugin for this.

Actually writing a plugin for this will not be easy. Let me explain.

The reason is that the easiest place to put this feature is within our DB layer. You can find the functions in include/db/mysql.inc.php for example. Basically all you need to do is alter the serendipity_db_query(), serendipity_db_connect() and serendipity_db_schema_import() functions.

I must admit I haven't looked at the mysql encryption features, but they must be able to be placed there. You would need to modify the $query for each query to encrypt/decrypt data and write (or use) a parser for that data.

Now you could hook in your own plugin into this by making this decode/encode pass in a plugin. For this you could patch the serendipity_db_query() function like this:
Then your plugins could parse and modify $sql.

And now the reason why this isn't good/easy: Every call to a plugin hook costs performance, even if no plugins are executed in the queue stack. That'S because s9y has to query each plugin, if it wants to execute the hook. That means, for every DB Query s9y would have to query toe plugin API which would make it terribly slow even without plugins using it.

That's the reason why we cannot include that patch in the distribution on this place.

Another way for this to be "transportable" would be to write your own DB abstraction layer, just how we did layers for mysqli, postgresql and sqlite. Just add a file "mysql_encoded" and you could put all your en/decryption features into that file.

If this isn't something you guys would find valuable to have, let me know and I guess I will hack it myself.

I do think it's a nice and nifty feature for your isolated causes, and I would like to offer such functionality. But I myself don't have the time to dig into this, so if you're willing to do the work, that would be great! If you need help or have questions, feel free to ask!

Best regards,
Garvin

Hello:

Thanks for your time in explaining that, Garv. That's very helpful.
I'll take a look at creating an encrypting mysql db abstraction layer - should be fun. Now I just need to hook that server up..

UberDumm

Hello Garv/World!

I've finally managed to work out all the nuances of the encryption and s9y's use of mysql. The plugin works. The only thing that doesn't work as expected is searching. Clearly, searching for plaintext in an index of encrypted records is.. unproductive at best
The engine encrypts & decrypts the title, body, and extended body of the entries on-the-fly, using whatever encryption your PHP's mcrypt supports.

The key is a file, which can reside essentially anywhere.

My current implementation is a file stored on a USB key. When the key is inserted, the blog functions as normal. When removed, the blog dies before reaching the main screen, reporting an error in opening/creating the key.

Configuration is fairly simple. One need only change one variable to specify where the key should be. If the keyfile does not exist in the location specified, one will be created.

How do I get this code submitted?

Let me know what you guys think!

Thanks.

Whee, great stuff! I'd love to see that one public...although I fear it's kinda MySQL-centric.

You can submit the code by just mailing it to me. If you do that before Friday, I can even include it in our 0.9 distro.

Regards,
Garvin

Garv:
Great. I'll see about getting it to you later tonight (chicago time), GMT -5?
anyway, i'll do some looking into nl2br for the formatting issues (right now I have my 2 tiny functions that probably do almost the same thing as nl2br) - anyway.

Also, about the mysql-centric stuff, a rewrite to make PGSQL or other databases work should not be that difficult - It may be as easy as rewriting a few regexes.. or it may be more fun than that. What database are you looking for?

Just plain-ol' Postgres. It'd be just perfect if you could make that possible.

I'm currently in the process of rewriting the MySQL support to be more compatible/expandable/etc. Suffice it to say that the encryption stuff didn't make the 0.9 release.
I guess I'm shooting for 0.9.1 or 1.0
It's probably for the best anyway. I'd much rather see it tested before it gets into a stable release.

Anyway, there's the status update. Back to work!
Happy Birthday Garvin!