[wp-hackers] Encrypting comment_author_IP, comment_author_email and user_email
William Canino
william.canino at googlemail.com
Fri Oct 23 20:31:29 UTC 2009
True but I can restore the site from backups. But once the emails are
harvested, I cannot do anything about it.
My blog's theme says, "Your email is <i>never</i> published or
shared". This is why I want to do one step further.
Can the plugin basically hook pre_comment_author_email (encrypt it)
and hook get_comment_author_email, author_email and comment_email
(decrypt it if conditions are met)?
and the same with pre_comment_user_ip and get_comment_author_IP?
For user_email, it seems I have to override get_userdatabylogin() to decrypt it.
Matt mentioned get_avatar(). What else should I watch out for?
W
2009/10/23 William Canino <william.canino at googlemail.com>:
> Hello,
>
> Has anyone heard of anyone writing a plugin that encrypts these three
> columns in the database level?
>
> a. $comment->comment_author_email, "SELECT comment_author_email FROM
> wp_comments" and "SELECT user_email FROM wp_users" will display
> gibberish.
>
> b. comment_author_email() will display gibberish unless a condition
> set in the plugin is true.
>
> I would like assurance that someone who gains db access to the blog or
> get hold of a SQL dump cannot harvest email addresses.
>
> Also, if this is something one shouldn't worry about, why not?
>
> Thank you for your assistance.
>
> W
>
More information about the wp-hackers
mailing list