[wp-hackers] Wordpress database encryption.

Mike Schinkel mikeschinkel at newclarity.net
Sun Nov 27 05:34:09 UTC 2011

On Nov 27, 2011, at 12:18 AM, jackie sparks wrote:
> This can protect the data in the database from ... rouge plugins

If it is coded in core, then a rouge plugin would have access to the keys. It would be less likely a rouge plugin would make the effort to crack the security of another plugin, so I'd say a plugin would be more safe than core, not less.

> and miscoded plugins

How that?  If the plugins are miscoded and overwrite data, they still overwrite data, encrypted or no.

> This seems to be a huge problem, 

What kind of data are you trying to protect?  I assume that you are not worried about this just for personal blogging?  Is this for a client project, or are you just personally interested?

> if you read the sec lists in the past week.

Which lists/where are the archives that mention these issues?  I'd be interested to see those references.


More information about the wp-hackers mailing list