[wp-hackers] Wordpress database encryption.

jackie sparks jackie.craig.sparks at live.com
Sun Nov 27 05:37:54 UTC 2011


Miscoded and rouge plugins, I'm talking about plugins that allow SQL injections. Not plugins that actually look like they have bad intent. 

--[Witty Signature Goes Below]---------------------------------------------------------------------------------------------------------------------
--[....]------
http://www.linkedin.com/profile/view?id=53668912&trk=tab_pro - linked in profile

http://www.facebook.com/skrapsrwt - feel free to add me on facebook.

http://www.ipetitions.com/petition/foodstamps/


http://www.ipetitions.com/petition/nodeaddawgs/


http://www.ipetitions.com/petition/mcdlunch/


http://www.causes.com/causes/633686-no-dead-dawgs



http://www.phonesnake.com - looking for support by sharing and liking our page and also sponsors to help with the project.

http://www.communicationslibrary.info - taking the knowlege outside the classroom so anyone can be a technician

http://chunkhost.com/r/getachunk - Support my VPS host sign up now 

http://www.facebook.com/profile.php?ref=profile&id=100000140654932

https://www.scriptlance.com/cgi-bin/freelancers/feedback.cgi?p=rwtskraps

http://twitter.com/#!/skraps_foo

http://twitter.com/#!/phonesnake

http://skraps.pastebin.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=
This e-mail (including attachments) is covered by the Electronic
Communications Privacy Act, 18 U.S.C. Sections 2510-2521, is
confidential, and is intended solely for the use of the individuals or
entities to whom it is addressed. If you are not the intended
recipient or the person responsible for delivering the e-mail to the
intended recipient, be advised that you have received this e-mail in
error and that any use, dissemination, forwarding, printing, or
copying of this e-mail and any file attachments is strictly
prohibited. If you have received this e-mail in error, please
immediately notify me by email at jackie.craig.sparks at live.com. You must destroy
the original transmission and its contents.


> From: mikeschinkel at newclarity.net
> Date: Sun, 27 Nov 2011 00:34:09 -0500
> To: wp-hackers at lists.automattic.com
> Subject: Re: [wp-hackers] Wordpress database encryption.
> 
> On Nov 27, 2011, at 12:18 AM, jackie sparks wrote:
> > This can protect the data in the database from ... rouge plugins
> 
> If it is coded in core, then a rouge plugin would have access to the keys. It would be less likely a rouge plugin would make the effort to crack the security of another plugin, so I'd say a plugin would be more safe than core, not less.
> 
> > and miscoded plugins
> 
> How that?  If the plugins are miscoded and overwrite data, they still overwrite data, encrypted or no.
> 
> > This seems to be a huge problem, 
> 
> What kind of data are you trying to protect?  I assume that you are not worried about this just for personal blogging?  Is this for a client project, or are you just personally interested?
> 
> > if you read the sec lists in the past week.
> 
> Which lists/where are the archives that mention these issues?  I'd be interested to see those references.
> 
> -Mike
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
 		 	   		  


More information about the wp-hackers mailing list