This topic is organized into two sections, Win32 platforms (including Win95/98/NT/00) and Unix flavors (FreeBSD and Linux).
Some general notes:
POD does not encrypt data sent on the internet. More on
this
| It is likely that your web server does not support encryption, therefore the passwords and data sent from and to your web server are not encrypted (for encryption, what you need is a server that is SSL-enabled. There is nothing POD can do about the security of the data transmitted on the internet). Therefore to ensure that nobody steals your data on the internet is YOUR responsibility (writing html files to take advantage of a secure server is your responsibility too, though you can find a lot of places teaching you to do that, which is quite easy). |
For performance considerations, POD does NOT
encrypt the database file or the passwords therein. More on this
| It is relatively trivial to encrypt password or
data, yet there is another problem: US Federal law prohibits exportation
of strong encryption softwares. I need to study the laws before I really
want to implement encryption in POD. It is also questionable whether POD
can be considered an encryption software, but if you set "password" size
as 400 and encrypt or decrypt an email message using POD is very possible.
Therefore it can be argued that POD IS an encryption software once I
implement this feature. So...
Even if password is encrypted in future version of POD, the data will probably not be encrypted for performance concerns. Therefore anybody with physical access to your web server machine can potentially view or damage your DB data. There is nothing POD can do about that either. You should use only trustworthy web hosting service, or if the server is on your own computer, restrict other people's access to it. |