Can anything happen if I dont have a privacy policy?

Page 1 of 1 [ 2 posts ]

Joined: 7 Mar 2010
Age: 27
Gender: Male
Posts: 777
Location: In the zone

12 Aug 2012, 8:37 am

Hello!
I am making a website for a freinds Minecraft server complete with a forum section. He is worried about having a privacy policy. Do you think is completely necessary (Excuse my ignorance. Im pretty sure it is)?
I know I have already asked this, but I just thought I would get a second opinion. Im not sure how good the security is with my PHP coding, but everything is encrypted with MD5 from usernames right down to passwords and IPs.
Any ideas?

_________________
?Sometimes when you innovate, you make mistakes. It is best to admit them quickly, and get on with improving your other innovations.? -Steve Jobs.

Tomatoes
Toucan
Toucan

Joined: 25 Jun 2012
Gender: Male
Posts: 264

12 Aug 2012, 3:17 pm

You can't use MD5 to encrypt things because of the decision problem. MD5 is insecure for even its intended usage.
If your user names are hashed, denial of service becomes very easy. EDIT: not true, I was thinking about processing each username from the database every time an user wants to log in. Use good salt.
A good privacy policy is to not log anything not useful for the function.

edit: I confused sound sampling with the decision problem.

Page 1 of 1 [ 2 posts ]

Jump to:

Can anything happen if I dont have a privacy policy? Post Reply New Topic

Can anything happen if I dont have a privacy policy?