Need some help figuring out how to best store passwords, user information/profile data and photo/video albums for a social website. For photos/videos, the actual photo/video + even encrypting the URL with the IDs to the photos/videos so other users cannot figure it out. Creating a site like MySpace and designing retirement documents, but I am unsure how to specify the security requirements for the database.

Two things: 1) Protect from outside users 2) Protect all these from employees being able to access this info

For #2, the additional question is: If we encrypt the user info and password so even the system admins cannot get in, how can we retrieve the user data tomorrow if someone flags the user's account as spam and admin needs to check it out or if law enforcement wants info on a user?

Thanks.

+1  A: 

This is a heavily duplicated question and that's probably why no one has touched it. You need to use a secure message digest function like SHA256. Passwords should be salted with a large randomly generated value. You should never need to obtain the plain text password. Law enforcement and administrators should be able to use a special administrative account which could assume the identity of the account.

Rook
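
The approach described in the answer above, as an added example that is not part of the original post: a per-user random salt with a SHA-256-based digest, plus an audited staff impersonation path that never touches the password. It uses PBKDF2-HMAC-SHA256 (many iterations of SHA-256) rather than a single SHA-256 pass; the function names, the iteration count, the `can_impersonate` flag and the array-based records are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper names; plain arrays stand in for DB rows.

const KDF_ITERATIONS = 600000; // assumption: tune to your own hardware

// Build the record to store: a random per-user salt and the derived digest.
// The plaintext password is never stored and cannot be recovered from this.
function make_password_record(string $password): array {
    $salt = random_bytes(16);
    $digest = hash_pbkdf2('sha256', $password, $salt, KDF_ITERATIONS, 32, true);
    return ['salt' => bin2hex($salt), 'digest' => bin2hex($digest),
            'iterations' => KDF_ITERATIONS];
}

// Recompute the digest from the stored salt and compare in constant time.
function verify_password(string $password, array $record): bool {
    $candidate = hash_pbkdf2('sha256', $password, hex2bin($record['salt']),
                             $record['iterations'], 32, true);
    return hash_equals(hex2bin($record['digest']), $candidate);
}

// Staff review path: no password involved. The session records who is
// really acting, and every use is appended to an audit log.
function impersonate(array $admin, int $targetUserId, string $reason,
                     array &$auditLog): array {
    if (empty($admin['can_impersonate'])) {
        throw new RuntimeException('admin lacks impersonation privilege');
    }
    if (trim($reason) === '') {
        throw new InvalidArgumentException('a reason is required');
    }
    $auditLog[] = ['at' => gmdate('c'), 'admin_id' => $admin['id'],
                   'target_user_id' => $targetUserId, 'reason' => $reason];
    return ['user_id' => $targetUserId, 'acting_admin_id' => $admin['id'],
            'read_only' => true];
}

// Constructed sample data.
$record = make_password_record('correct horse battery staple');
var_dump(verify_password('correct horse battery staple', $record));
var_dump(verify_password('wrong guess', $record));

$auditLog = [];
$session = impersonate(['id' => 7, 'can_impersonate' => true], 1042,
                       'spam flag review', $auditLog);
var_dump($session['acting_admin_id'], count($auditLog));
```
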
A: 

What about the messages between users, wall posts, etc.? I want to add a way for users to encrypt their postings/messages as an add-on. Any frameworks that can be added on for PHP to do this?

Thanks.

Nick