[wp-trac] [WordPress Trac] #14682: Privacy leakage: gravatars leak identity information
WordPress Trac
noreply at wordpress.org
Sun Sep 22 06:24:03 UTC 2019
#14682: Privacy leakage: gravatars leak identity information
-----------------------------+------------------------------
Reporter: jmdh | Owner: (none)
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: Privacy | Version: 3.0
Severity: normal | Resolution:
Keywords: privacy-roadmap | Focuses:
-----------------------------+------------------------------
Comment (by pputzer):
Replying to [comment:57 chrisherbert]:
> If you're proxying Gravatars through the site itself, do you need to do
any hashing at all? Couldn't you just do something like example.com/wp-
admin/gravatar-proxy.php?comment_id=1234, which would fetch the Gravatar
server side and pass it on the user?
>
> That way you wouldn't be exposing anything more than the comment ID,
which doesn't seem sensitive at all. I guess you'd be serving some
redundant images, since each comment would have a unique image URL even if
they're from the same user. That doesn't seem like a big deal though.
Two main issues:
- Not all avatar uses are for comments (e.g. embedded author boxes, the
WordPress admin bar).
- Scalability - you don't want PHP proxying every single one of those
images on every page load.
So we need to construct a valid URL that can be handled directly by the
web server if the cached file already exists, but that allows PHP to have
all the necessary information to request the image upstream if it is not
there.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/14682#comment:58>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list