[wp-hackers] Wordpress database encryption.

jackie sparks jackie.craig.sparks at live.com
Sun Nov 27 06:20:07 UTC 2011


 http://code.google.com/p/wordpress-aes/source/browse/?name=development

I started working on it and have got the user meta values, and the majority of the users table, encrypted. Modded the setup to generate the keys.

The development version fails on the login still, but at least populates the user fields.

I was doing a few things wrong and I think I still am. 


> From: jackie.craig.sparks at live.com
> To: wp-hackers at lists.automattic.com
> Date: Sun, 27 Nov 2011 00:37:54 -0500
> Subject: Re: [wp-hackers] Wordpress database encryption.
> 
> 
> Miscoded and rogue plugins, I'm talking about plugins that allow SQL injections. Not plugins that actually look like they have bad intent.
> 
> 
> > From: mikeschinkel at newclarity.net
> > Date: Sun, 27 Nov 2011 00:34:09 -0500
> > To: wp-hackers at lists.automattic.com
> > Subject: Re: [wp-hackers] Wordpress database encryption.
> > 
> > On Nov 27, 2011, at 12:18 AM, jackie sparks wrote:
> > > This can protect the data in the database from ... rogue plugins
> > 
> > If it is coded in core, then a rogue plugin would have access to the keys. It would be less likely a rogue plugin would make the effort to crack the security of another plugin, so I'd say a plugin would be more safe than core, not less.
> > 
> > > and miscoded plugins
> > 
> > How that?  If the plugins are miscoded and overwrite data, they still overwrite data, encrypted or no.
> > 
> > > This seems to be a huge problem, 
> > 
> > What kind of data are you trying to protect?  I assume that you are not worried about this just for personal blogging?  Is this for a client project, or are you just personally interested?
> > 
> > > if you read the sec lists in the past week.
> > 
> > Which lists/where are the archives that mention these issues?  I'd be interested to see those references.
> > 
> > -Mike
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
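The three cases raised in this thread (a read through SQL injection, code running inside WordPress, and a miscoded plugin that overwrites data) can be seen side by side in the following added example, which is not code from the wordpress-aes project or from any poster. `DEMO_KEY`, `encrypt_field()` and `decrypt_field()` are hypothetical names, the array stands in for usermeta rows, and AES-256-GCM with a key kept outside the database is an assumption of the example.

```php
<?php
// Added example, not wordpress-aes code. DEMO_KEY, encrypt_field() and
// decrypt_field() are hypothetical names; the rows below are constructed.

// Assumption: the key is created at setup and kept outside the database.
define('DEMO_KEY', random_bytes(32));

function encrypt_field(string $plain, string $key): string {
    $iv = random_bytes(12);                       // fresh nonce per value
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);       // stored as nonce | tag | ciphertext
}

function decrypt_field(string $stored, string $key) {
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {
        return false;                             // not a value this code wrote
    }
    // Returns false when the tag check fails (wrong key or modified value).
    return openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
}

// Constructed stand-in for usermeta rows: meta_key => stored meta_value.
$usermeta = ['billing_phone' => encrypt_field('555-0100', DEMO_KEY)];

// 1. A read through SQL injection sees only what is in the table.
echo "row as stored:   ", $usermeta['billing_phone'], "\n";

// 2. Code loaded into the same PHP process can read the constant and call
//    the decrypt function, so it gets the plaintext.
echo "in-process read: ", decrypt_field($usermeta['billing_phone'], DEMO_KEY), "\n";

// 3. A miscoded plugin that overwrites the row still destroys the data;
//    the tag check only makes the damage visible on the next read.
$usermeta['billing_phone'] = 'overwritten by a buggy UPDATE';
echo "after overwrite: ";
var_dump(decrypt_field($usermeta['billing_phone'], DEMO_KEY));
```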