Vulnerability in EPiServer.Forms
Another tricky obstacle has presented itself and I need some pointers. My client wants all data (i.e. forum topics, replys, etc) to be very securely hidden from the public, and hidden from attempts to unauthorized access to reading the contents of the database.
Are there any functions in EPiServer Community that allows me to encrypt and decrypt forum contents like we do with password hashing? If so, who what where and how? If not, are there any options?
There is no built functionality for this in EPiServer Community. Anyhow, you could encrypt (and maybe base64 encode) the content before saving it and then do the opposite when rendering. But this will result in that the moderation in admin will not work and you are going to have some real challenge when it comes to search.
I believe that there must be a better way to satisfy your customer's need for a secure solution.
Thanks for you advice. We have looked into database encryption, and I share your concerns about searching. However in this case the problem of searching might actually be beneficial. However, this is going to be a pain in the behind when the client want's both worlds, one completely separated, controlled and encrypted comminuty within a public community.