[wp-hackers] Encrypting comment_author_IP, comment_author_email and user_email

Tim Moore tim at feyreal.com
Fri Oct 23 17:32:16 UTC 2009


Most encryption to a database is a one way street. Once the email addresses
are encrypted, you can't get them back in any useful way. Which makes
collecting the email addresses pointless.

In my experience, anyone breaking into a database is there not to gain a
list of email addresses to spam, but to gain usernames and passwords.
They're on a whole other level than email harvesters.

<tim>

On Fri, Oct 23, 2009 at 1:20 PM, William Canino <
william.canino at googlemail.com> wrote:

> Hello,
>
> Has anyone heard of anyone writing a plugin that encrypts these three
> columns in the database level?
>
> a. $comment->comment_author_email, "SELECT comment_author_email FROM
> wp_comments" and "SELECT user_email FROM wp_users" will display
> gibberish.
>
> b. comment_author_email() will display gibberish unless a condition
> set in the plugin is true.
>
> I would like assurance that someone who gains db access to the blog or
> get hold of a SQL dump cannot harvest email addresses.
>
> Also, if this is something one shouldn't worry about, why not?
>
> Thank you for your assistance.
>
> W
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


More information about the wp-hackers mailing list