[wp-meta] [Making WordPress.org] #3244: Data Protection and Bank Detail issues

Making WordPress.org noreply at wordpress.org
Tue Nov 7 22:10:50 UTC 2017

#3244: Data Protection and Bank Detail issues
 Reporter:  Hugo Finley                 |       Owner:
     Type:  defect                      |      Status:  new
 Priority:  high                        |   Milestone:
Component:  WordCamp Site & Plugins     |  Resolution:
 Keywords:  needs-patch good-first-bug  |

Comment (by iandunn):

 Replying to [comment:7 TJNowell]:
 > Having thought about it further, as soon as the status is set to PAID
 the personal information should be immediately redacted or removed, a cron
 job shouldn't be necessary. This should simplify the technical side of

 I think that actually complicates the technical side, because it means
 that we'd have to write an additional script to go back and retroactively
 redact the existing data. A cron job would take care of that on the first

 Replying to [comment:9 TJNowell]:
 > Another thing to note is that currently it's possible to export
 reimbursements in full via the WordPress exporter

 Tom opened #3253 for that particular issue. It has some more details, but
 the TL;DR is that the exported data is essentially meaningless, because it
 can't be decrypted outside of WordCamp.org.

 Replying to [comment:13 idea15]:
 > It doesn't solve the issue of thousands of peoples' bank details
 (including mine) still being on American (?) servers from past WordCamps,
 available to any volunteer and his dog with an admin login.

 I don't think Andrea intended her comment to be applied to both of the
 problems that are being discussed in this ticket, only the one she was
 directly replying to.

 Both of the issues are valid, and the patch should include resolutions for
 both of them.

 Replying to [comment:13 idea15]:
 > And that's all assuming that all super admins use secure wifi in secure

 WordCamp.org requires HTTPS connections for wp-admin, so the data will
 still be encrypted even when sent over insecure wireless networks.


 I think the best way forward here is to:

 1. Setup the cron job described in comment:2. This will resolve issue !#1
 (data being kept longer than necessary).
 2. Hide the meta box from everyone except network admins and the post's
 author. That will resolve issue !#2 (other organizers having access to
 payment details). Something like `current_user_can( 'manage_network' ) ||
 get_current_user_id() === $post->author`. That probably needs to be
 applied to both ''displaying'' the metabox, and ''saving'' the
 corresponding data, to avoid removing the data if another organizer saves
 the post (because the fields would be missing from `$_POST`).

 @TJNowell, do you feel strongly enough about this to spend time
 contributing a patch?

Ticket URL: <https://meta.trac.wordpress.org/ticket/3244#comment:13>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org

More information about the wp-meta mailing list