[wp-trac] [WordPress Trac] #43546: Add to the privacy tools UX a means to export personal data by username or email address

[WordPress Trac]

#43546: Add to the privacy tools UX a means to export personal data by username or
email address
------------------------------+-----------------------
 Reporter:  allendav          |       Owner:  allendav
     Type:  enhancement       |      Status:  assigned
 Priority:  normal            |   Milestone:  4.9.6
Component:  General           |     Version:  trunk
 Severity:  normal            |  Resolution:
 Keywords:  gdpr needs-patch  |     Focuses:
------------------------------+-----------------------

Comment (by jeremyfelt):

 Great work on this so far. :thumbsup: I'm just starting to catch up on the
 suite of GDPR tickets and have a lot to learn. :) I played around with
 [attachment:43546.5.diff] today in an attempt to start thinking through
 multisite implications.

 I'm worried at first glance with the ZIP file generation. Building the
 filename with a hashed email and timestamp would make it relatively easy
 for somebody who knows another user's email address to enumerate through
 thousands of filename possibilities in a short amount of time and
 potentially access other users' data exports.

 We don't really have a good system for this in WP. Multisite had `ms-
 files.php` as a way to route filename URLs to static files on the server,
 but that has been deprecated for a while.

 I think that for exported personal data, authentication should be required
 before the export file can be downloaded. Has there been any discussion
 around storing the data in a custom post type for a more dynamic retrieval
 on demand?

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/43546#comment:14>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform