[wp-hackers] Encrypting comment_author_IP, comment_author_email and user_email
Peter Westwood
peter.westwood at ftwr.co.uk
Sat Oct 24 07:18:18 UTC 2009
On 23 Oct 2009, at 18:20, William Canino wrote:
> Hello,
>
> Has anyone heard of anyone writing a plugin that encrypts these three
> columns in the database level?
>
> a. $comment->comment_author_email, "SELECT comment_author_email FROM
> wp_comments" and "SELECT user_email FROM wp_users" will display
> gibberish.
>
> b. comment_author_email() will display gibberish unless a condition
> set in the plugin is true.
>
If you want to truly protect the address this is not possible!
> I would like assurance that someone who gains db access to the blog or
> get hold of a SQL dump cannot harvest email addresses.
You have a number of choices here:
Encrypt with a symmetric key algorithm so you can get the email
address back temporarily when you need it - gravatar, checking
comments are from same author etc.
The downside of this is you are adding a lot of extra computation to
every page load and if someone gets access to the db it is likely they
will also get access to steal the key and algorithm used too so you
don't get much protection.
You also have the implementation cost of the crypto algorithm
Encrypt with a public-private key algorithm and don't have the private
key on the server so you can only get the email address back offline
where the private key exists. To handle gravatar you would have to
cache the image locally yourself and replace the pluggable function.
To checking comments are from same author you would have to encrypt
the incoming email address.
The downside of this is you have to do the caching of gravatars if you
use them.
You also have the implementation cost of the crypto algorithm
Hash the email address using md5 - this is what is used to generate
the gravatar url so you are alright there and load wise this should
have little effect.
A plain md5 like this will be subject to the rainbow table worries and
you would do better to use a salted md5 but then you will need to
cache the gravatar image.
Using this method you can't get the email address back!
Hope this helps!
--
Peter Westwood
http://blog.ftwr.co.uk | http://westi.wordpress.com
C53C F8FC 8796 8508 88D6 C950 54F4 5DCD A834 01C5
More information about the wp-hackers
mailing list