[wp-meta] [Making WordPress.org] #3253: Sensitive Post type data Can be Exported via WXR

Making WordPress.org noreply at wordpress.org
Tue Nov 7 21:29:29 UTC 2017


#3253: Sensitive Post type data Can be Exported via WXR
----------------------------------------+------------------
 Reporter:  TJNowell                    |       Owner:
     Type:  enhancement                 |      Status:  new
 Priority:  low                         |   Milestone:
Component:  WordCamp Site & Plugins     |  Resolution:
 Keywords:  needs-patch good-first-bug  |
----------------------------------------+------------------
Changes (by iandunn):

 * keywords:   => needs-patch good-first-bug
 * priority:  normal => low
 * type:  defect => enhancement


Comment:

 Hey Tom, in the future, I think potential privacy issues like this are
 best reported via [https://hackerone.com/wordpress HackerOne], so that we
 can resolve any problems before we make them public.

 In the case of the budgeting tools, though, I don't think there's anything
 to really be worried about. All of that data is already encrypted at rest,
 and won't be decrypted during export.

 For example, here's one that contains my personal checking account number:

 {{{
         <item>
                 <title>Lectern lights</title>
                 <dc:creator><![CDATA[iandunn]]></dc:creator>
                 <guid
 isPermaLink="false">https://2016.seattle.wordcamp.org/?post_type=wcb_reimbursement&p=1851</guid>
                 <wp:postmeta>
 <wp:meta_key><![CDATA[_wcbrr_name_of_payer]]></wp:meta_key>
                         <wp:meta_value><![CDATA[Ian
 Dunn]]></wp:meta_value>
                 </wp:postmeta>
                 <wp:postmeta>
 <wp:meta_key><![CDATA[_wcbrr_payment_method]]></wp:meta_key>
                         <wp:meta_value><![CDATA[Direct
 Deposit]]></wp:meta_value>
                 </wp:postmeta>
                 <wp:postmeta>
 <wp:meta_key><![CDATA[_wcbrr_ach_bank_name]]></wp:meta_key>
 <wp:meta_value><![CDATA[encrypted:dng72dBLMrts3LAG/SOXuF9YCsdidhY7xDASW/Sw:om/UTI49mUN8Z01VsXJZAA==:WX3eyZAZhEvZutjUYLW8iMOjbSis6bCta8lXpcto3r8=]]></wp:meta_value>
                 </wp:postmeta>
                 <wp:postmeta>
 <wp:meta_key><![CDATA[_wcbrr_ach_account_type]]></wp:meta_key>
 <wp:meta_value><![CDATA[Personal]]></wp:meta_value>
                 </wp:postmeta>
                 <wp:postmeta>
 <wp:meta_key><![CDATA[_wcbrr_ach_routing_number]]></wp:meta_key>
 <wp:meta_value><![CDATA[encrypted:GLhyXYdZjc34:B14QIClvxIa9r5HYuB+FUw==:PAGzDLWb6r1aKDew15uUkdn1Pxz4+Dd1WuW74BIawZQ=]]></wp:meta_value>
                 </wp:postmeta>
                 <wp:postmeta>
 <wp:meta_key><![CDATA[_wcbrr_ach_account_number]]></wp:meta_key>
 <wp:meta_value><![CDATA[encrypted:8SR4res4FsLohQ==:+SqJeKMu564u++yY2YoiNw==:Y9jNnemRqzdEHV6XN28TWAIUNUT8eA+hsGpuq0TxYdA=]]></wp:meta_value>
                 </wp:postmeta>
                 <wp:postmeta>
 <wp:meta_key><![CDATA[_wcbrr_ach_account_holder_name]]></wp:meta_key>
 <wp:meta_value><![CDATA[encrypted:7Oe16oFu0Ps=:4vyxJlz6tAA0RtSNsAH/1w==:oaFqiJ9fJZ+cCFZdMjdZPTjhpEa2nm22/wRzwwG8DbU=]]></wp:meta_value>
                 </wp:postmeta>

         </item>
 }}}

 Since the encryption relies on a private key, it can only be decrypted by
 the WordCamp.org production server. In the near future, it will also be
 redacted, per #3244.

 For the other post types, I don't see any harm in changing email addresses
 to `redacted at example.org` during export.

--
Ticket URL: <https://meta.trac.wordpress.org/ticket/3253#comment:1>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org


More information about the wp-meta mailing list