[wp-meta] [Making WordPress.org] #3253: Sensitive Post type data Can be Exported via WXR
Making WordPress.org
noreply at wordpress.org
Tue Nov 7 21:29:29 UTC 2017
#3253: Sensitive Post type data Can be Exported via WXR
----------------------------------------+------------------
Reporter: TJNowell | Owner:
Type: enhancement | Status: new
Priority: low | Milestone:
Component: WordCamp Site & Plugins | Resolution:
Keywords: needs-patch good-first-bug |
----------------------------------------+------------------
Changes (by iandunn):
* keywords: => needs-patch good-first-bug
* priority: normal => low
* type: defect => enhancement
Comment:
Hey Tom, in the future, I think potential privacy issues like this are
best reported via [https://hackerone.com/wordpress HackerOne], so that we
can resolve any problems before we make them public.
In the case of the budgeting tools, though, I don't think there's anything
to really be worried about. All of that data is already encrypted at rest,
and won't be decrypted during export.
For example, here's one that contains my personal checking account number:
{{{
<item>
<title>Lectern lights</title>
<dc:creator><![CDATA[iandunn]]></dc:creator>
<guid isPermaLink="false">https://2016.seattle.wordcamp.org/?post_type=wcb_reimbursement&p=1851</guid>
<wp:postmeta>
<wp:meta_key><![CDATA[_wcbrr_name_of_payer]]></wp:meta_key>
<wp:meta_value><![CDATA[Ian Dunn]]></wp:meta_value>
</wp:postmeta>
<wp:postmeta>
<wp:meta_key><![CDATA[_wcbrr_payment_method]]></wp:meta_key>
<wp:meta_value><![CDATA[Direct Deposit]]></wp:meta_value>
</wp:postmeta>
<wp:postmeta>
<wp:meta_key><![CDATA[_wcbrr_ach_bank_name]]></wp:meta_key>
<wp:meta_value><![CDATA[encrypted:dng72dBLMrts3LAG/SOXuF9YCsdidhY7xDASW/Sw:om/UTI49mUN8Z01VsXJZAA==:WX3eyZAZhEvZutjUYLW8iMOjbSis6bCta8lXpcto3r8=]]></wp:meta_value>
</wp:postmeta>
<wp:postmeta>
<wp:meta_key><![CDATA[_wcbrr_ach_account_type]]></wp:meta_key>
<wp:meta_value><![CDATA[Personal]]></wp:meta_value>
</wp:postmeta>
<wp:postmeta>
<wp:meta_key><![CDATA[_wcbrr_ach_routing_number]]></wp:meta_key>
<wp:meta_value><![CDATA[encrypted:GLhyXYdZjc34:B14QIClvxIa9r5HYuB+FUw==:PAGzDLWb6r1aKDew15uUkdn1Pxz4+Dd1WuW74BIawZQ=]]></wp:meta_value>
</wp:postmeta>
<wp:postmeta>
<wp:meta_key><![CDATA[_wcbrr_ach_account_number]]></wp:meta_key>
<wp:meta_value><![CDATA[encrypted:8SR4res4FsLohQ==:+SqJeKMu564u++yY2YoiNw==:Y9jNnemRqzdEHV6XN28TWAIUNUT8eA+hsGpuq0TxYdA=]]></wp:meta_value>
</wp:postmeta>
<wp:postmeta>
<wp:meta_key><![CDATA[_wcbrr_ach_account_holder_name]]></wp:meta_key>
<wp:meta_value><![CDATA[encrypted:7Oe16oFu0Ps=:4vyxJlz6tAA0RtSNsAH/1w==:oaFqiJ9fJZ+cCFZdMjdZPTjhpEa2nm22/wRzwwG8DbU=]]></wp:meta_value>
</wp:postmeta>
</item>
}}}
Since the encryption relies on a private key, it can only be decrypted by
the WordCamp.org production server. In the near future, it will also be
redacted, per #3244.
For the other post types, I don't see any harm in changing email addresses
to `redacted@example.org` during export.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/3253#comment:1>
Making WordPress.org <https://meta.trac.wordpress.org/>
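
An added example, not code from the ticket or from WordCamp.org: a Python check that audits a WXR export for the two conditions discussed above, sensitive meta values that are not in the `encrypted:` form and email addresses that were not redacted. The sample export, the `_example_contact_email` key and the choice of which keys count as sensitive are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"wp": "http://wordpress.org/export/1.2/"}  # WXR 1.2 namespace
# Assumption: the meta keys that are encrypted in the sample item above.
SENSITIVE_KEYS = {
    "_wcbrr_ach_bank_name", "_wcbrr_ach_routing_number",
    "_wcbrr_ach_account_number", "_wcbrr_ach_account_holder_name",
}
# Shape seen in the sample: "encrypted:" plus three base64 fields joined by ":".
# This checks the format only; it cannot prove the value is real ciphertext.
B64 = r"[A-Za-z0-9+/]+={0,2}"
ENCRYPTED_RE = re.compile(rf"^encrypted:{B64}:{B64}:{B64}$")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
REDACTED = "redacted@example.org"  # placeholder address proposed in the comment

# Constructed sample export; none of these values come from a real site.
SAMPLE = """<rss xmlns:wp="http://wordpress.org/export/1.2/"><channel>
<item><title>Constructed item A</title>
<wp:postmeta><wp:meta_key><![CDATA[_wcbrr_ach_account_number]]></wp:meta_key>
<wp:meta_value><![CDATA[encrypted:QUJDRA==:RUZHSA==:SUpLTA==]]></wp:meta_value></wp:postmeta>
</item>
<item><title>Constructed item B</title>
<wp:postmeta><wp:meta_key><![CDATA[_wcbrr_ach_account_number]]></wp:meta_key>
<wp:meta_value><![CDATA[000123456789]]></wp:meta_value></wp:postmeta>
<wp:postmeta><wp:meta_key><![CDATA[_example_contact_email]]></wp:meta_key>
<wp:meta_value><![CDATA[organizer@example.com]]></wp:meta_value></wp:postmeta>
</item></channel></rss>"""

def audit_wxr(xml_text):
    """Return (item title, meta key, problem) tuples for an export file."""
    findings = []
    for item in ET.fromstring(xml_text).iter("item"):
        title = item.findtext("title", default="")
        for meta in item.findall("wp:postmeta", NS):
            key = meta.findtext("wp:meta_key", default="", namespaces=NS)
            value = meta.findtext("wp:meta_value", default="", namespaces=NS).strip()
            if key in SENSITIVE_KEYS and not ENCRYPTED_RE.match(value):
                findings.append((title, key, "sensitive value not encrypted"))
            if any(a != REDACTED for a in EMAIL_RE.findall(value)):
                findings.append((title, key, "unredacted email address"))
    return findings

if __name__ == "__main__":
    for finding in audit_wxr(SAMPLE):
        print(finding)
```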