Encryption maybe?

[gary-host-laptop]

I'd like to know your opinion on adding encryption at some level. From my understanding adding encryption to the database would make things slower so I guess it's not worth it, but maybe encrypting the images? Alternatively a gallery lock?

[leqwin]

I think the issue of encryption in monbooru is a bit similar to encryption in paperless-ngx (which was removed because according to the dev it didn't provide additional security : https://docs.paperless-ngx.com/administration/#encryption).

If we are talking about server level encryption (of the database or the images in the gallery), it is true that it would not really add much security because the server would need to be able to decrypt them. If the threat model is to prevent someone who has no access to the OS to read from the disk it would make more sense and be a lot more safe to just use full disk encryption rather than storing encryption keys in the monbooru data.

If the idea is to have end to end client encryption (the client can read the images and the server cannot), it would be more complex to implement as it would require a way for the client to manage the encryption keys. Given that monbooru is designed for LAN use, I don't think it would make a lot of sense to trust your client but not your server.

Also, as for the gallery lock, monbooru already allows you to set up a password in the settings that locks down the gallery behind a password to hide it from other clients on the LAN. Is it what you had in mind or is it something else?