[wp-hackers] Wordpress database encryption.
Mike Schinkel
mikeschinkel at newclarity.net
Sun Nov 27 05:34:09 UTC 2011
On Nov 27, 2011, at 12:18 AM, jackie sparks wrote:
> This can protect the data in the database from ... rouge plugins
If it is coded in core, then a rouge plugin would have access to the keys. It would be less likely a rouge plugin would make the effort to crack the security of another plugin, so I'd say a plugin would be more safe than core, not less.
> and miscoded plugins
How that? If the plugins are miscoded and overwrite data, they still overwrite data, encrypted or no.
> This seems to be a huge problem,
What kind of data are you trying to protect? I assume that you are not worried about this just for personal blogging? Is this for a client project, or are you just personally interested?
> if you read the sec lists in the past week.
Which lists/where are the archives that mention these issues? I'd be interested to see those references.
-Mike
More information about the wp-hackers
mailing list