Is this different from message history?
Storing message history on the server in it's encrypted form is the only
solution that makes sense. To do that you need strong client-client
encryption, and I'm not sure what would happen if the user decided to change
his or her public/private keys - I guess the whole database would have to be
converted somehow. Hmm....
Anyway, best to move the question over to the Security list.
Michael.
> I'm going to be adding logging functionality to my client but I'm a
> bit uncomfortable about storing it in plain text by default.
>
> One way I though of doing things was to encrypt it all using the users
> jabber password, this would work fine until the user decided to change
> they're password using a different client...
>
> Maybe I could use a password stored in private XML storage on the
> server, the password could itself be encrypted using a locally stored
> password, thus an attacker would need access to both the users machine
> and the users Jabber account in order to decrypt they're log files.
>
> Does any one have any thoughts on this or has anyone found a good way
> of doing it?
>
> Thomas Parslow (PatRat) ICQ #:26359483
> Rat Software
> http://www.rat-software.com/
> Please leave quoted text in place when replying
>
>
> _______________________________________________
> jdev mailing list
> [EMAIL PROTECTED]
> http://mailman.jabber.org/listinfo/jdev
_______________________________________________
jdev mailing list
[EMAIL PROTECTED]
http://mailman.jabber.org/listinfo/jdev
