[wp-hackers] Encrypting comment_author_IP, comment_author_email and user_email

Peter Westwood peter.westwood at ftwr.co.uk
Sat Oct 24 07:18:18 UTC 2009


On 23 Oct 2009, at 18:20, William Canino wrote:

> Hello,
>
> Has anyone heard of anyone writing a plugin that encrypts these three
> columns in the database level?
>
> a. $comment->comment_author_email, "SELECT comment_author_email FROM
> wp_comments" and "SELECT user_email FROM wp_users" will display
> gibberish.
>
> b. comment_author_email() will display gibberish unless a condition
> set in the plugin is true.
>

If you want to truly protect the address this is not possible!

> I would like assurance that someone who gains db access to the blog or
> gets hold of a SQL dump cannot harvest email addresses.

You have a number of choices here:

Encrypt with a symmetric key algorithm so you can get the email  
address back temporarily when you need it - gravatar, checking  
comments are from same author etc.
The downside of this is you are adding a lot of extra computation to  
every page load and if someone gets access to the db it is likely they  
will also get access to steal the key and algorithm used too so you  
don't get much protection.
You also have the implementation cost of the crypto algorithm.

Encrypt with a public-private key algorithm and don't have the private  
key on the server so you can only get the email address back offline  
where the private key exists. To handle gravatar you would have to  
cache the image locally yourself and replace the pluggable function.
To check that comments are from the same author you would have to encrypt
the incoming email address.
The downside of this is you have to do the caching of gravatars if you
use them.
You also have the implementation cost of the crypto algorithm.

Hash the email address using md5 - this is what is used to generate  
the gravatar url so you are alright there and load wise this should  
have little effect.
A plain md5 like this will be subject to the rainbow table worries and  
you would do better to use a salted md5 but then you will need to  
cache the gravatar image.
Using this method you can't get the email address back!

Hope this helps!
-- 
Peter Westwood
http://blog.ftwr.co.uk | http://westi.wordpress.com
C53C F8FC 8796 8508 88D6 C950 54F4 5DCD A834 01C5
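
The hashing option discussed above, as an added example that is not part of the original message or of WordPress itself: it compares a plain md5 column with a keyed-hash column when a dump is checked against a list of candidate addresses. The function names, the secret, and all addresses are constructed for illustration, and HMAC-SHA256 with a secret kept outside the database is swapped in here for the salted md5 the message mentions.

```php
<?php
// Added example; all addresses and the secret below are constructed sample values.

// Gravatar hashes the trimmed, lower-cased address, so normalise the same way.
function normalize_email(string $email): string {
    return strtolower(trim($email));
}

// Option from the message: plain md5, the same value used in the Gravatar URL.
function plain_md5_token(string $email): string {
    return md5(normalize_email($email));
}

// Salted variant, done here as HMAC-SHA256 with a secret kept outside the database.
function keyed_token(string $email, string $secret): string {
    return hash_hmac('sha256', normalize_email($email), $secret);
}

// Same-author check: hash the incoming address and compare in constant time.
function same_author(string $incoming, string $stored, string $secret): bool {
    return hash_equals($stored, keyed_token($incoming, $secret));
}

// Audit of a column as seen in a dump, without the secret: which candidate
// addresses have a plain md5 that appears among the stored tokens?
function matched_by_plain_md5(array $stored, array $candidates): array {
    $found = [];
    foreach ($candidates as $candidate) {
        if (in_array(plain_md5_token($candidate), $stored, true)) {
            $found[] = normalize_email($candidate);
        }
    }
    return $found;
}

$secret     = 'constructed-secret-stored-outside-the-database'; // hypothetical
$commenters = ['Alice@Example.com', 'bob@example.org'];         // constructed
$candidates = ['alice@example.com', 'carol@example.net'];       // constructed

$md5_column   = array_map('plain_md5_token', $commenters);
$keyed_column = array_map(fn($e) => keyed_token($e, $secret), $commenters);

// Check each column against the candidate list, then the same-author lookup.
var_dump(matched_by_plain_md5($md5_column, $candidates));
var_dump(matched_by_plain_md5($keyed_column, $candidates));
var_dump(same_author(' alice@example.com', $keyed_column[0], $secret));
```

As the message notes, the keyed column can no longer be used to build the Gravatar URL, so the avatar would have to be cached locally.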


