[wp-trac] [WordPress Trac] #39425: sending mails with e-sign certificate feature request
WordPress Trac
noreply at wordpress.org
Fri Dec 30 12:54:35 UTC 2016
#39425: sending mails with e-sign certificate feature request
-----------------------------+------------------------------
Reporter: studiojurdan | Owner:
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 4.7
Severity: normal | Resolution:
Keywords: | Focuses:
-----------------------------+------------------------------
Comment (by MattyRob):
There is a sign() method in PHPMailer already so technically speaking this
should not be difficult to achieve using the `phpmailer_init` hook in
WordPress.

That said, any attempt to sign an email needs a password. This should not
be stored in the database in plain text for obvious reasons, and perhaps
even storing it hashed is unwise as it could be reverse hashed by anyone
with broad database access to retrieve the original key. Storing in a file
on the server is also a pretty terrible idea.

So, user input is likely the way forward for this but the site would need
to be on a secure port and encrypted connection to ensure the password
could not be snooped by a man-in-the-middle attack.

So, although this request seems reasonable initially, it is the subject of
many security considerations. My opinion is that this should not be part
of the core and most probably should be avoided as a plugin too.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39425#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
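
The mechanism the comment refers to, PHPMailer's sign() called from the `phpmailer_init` hook, as an added example that is not part of the original message or of WordPress core. The environment variable names are hypothetical, and it assumes the server operator supplies the certificate path, key path and passphrase through the process environment instead of the database.

```php
<?php
/**
 * Added example: S/MIME-sign outgoing mail from the phpmailer_init hook.
 * Env var names are hypothetical placeholders, not WordPress settings.
 */
add_action( 'phpmailer_init', function ( $phpmailer ) {
    // Assumption: the operator exports these in the PHP process environment,
    // so nothing secret is written to wp_options or any other table.
    $cert = getenv( 'EXAMPLE_SMIME_CERT_FILE' ); // PEM certificate path
    $key  = getenv( 'EXAMPLE_SMIME_KEY_FILE' );  // PEM private key path
    $pass = getenv( 'EXAMPLE_SMIME_KEY_PASS' );  // private key passphrase

    // getenv() returns false for an unset variable.
    if ( false === $cert || false === $key || false === $pass ) {
        error_log( 'smime-sign: configuration missing, mail not signed' );
        return;
    }

    if ( ! is_readable( $cert ) || ! is_readable( $key ) ) {
        error_log( 'smime-sign: certificate or key unreadable, mail not signed' );
        return;
    }

    // Refuse a private key that group or other can access (POSIX mode bits;
    // not meaningful on Windows hosts).
    if ( ( fileperms( $key ) & 0077 ) !== 0 ) {
        error_log( 'smime-sign: key file permissions too open, mail not signed' );
        return;
    }

    // PHPMailer::sign( $cert_filename, $key_filename, $key_pass ).
    // The passphrase is passed straight through and never logged.
    $phpmailer->sign( $cert, $key, $pass );
} );
```

In each early-return branch the message is still sent, only unsigned, so the log lines are the signal to monitor.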