How to play otsbet games.Claim Your Free 999 Pesos Bonus Today

bquade
(@bquade)

12 years, 1 month ago

What if a wordpress plugin were to store “semi-sensitive” data in database tables that were created by that plugin? The data would be separate from the common wordpress tables, so it would seem private and secure. But as far as I know, all plugins access the database through the same database user. So, even if the database is secure, I don’t have any control over which other plugins might want to take a peak and see what I have in my tables. And anyone could download my source code to see what I am doing to attempt to hide the “semi-sensitive” data. I don’t know if anyone monitors plugins to see if they are snooping around where they shouldn’t be. And I suppose some of the responsibility lies with the user to make sure they trust the sources of their plugins. But tight security is always the best option whenever possible.

I thought of creating a new database user, that would have exclusive access to the tables that my plugin creates. But that would require the common wordpress database user to have privileges to create new users, and also to have privileges to grant that new user access to the common wordpress tables. Whatever privileges the wordpress database user has is up to the system administrator who installed wordpress. And even if I were able to do that, I would still have to store the login information for that user in a file somewhere. Every other plugin could get access to that file since, as far as I know, they are all running under the same web server user, so there is no way to restrict access to a directory or a file to only one plugin.

It would be nice if every wordpress plugin could access the database with its own user that was granted standard privileges to the common wordpress tables, and also could create its own tables that no other plugin could access. I don’t know if that is possible to do in php code. I think it would require a human system administrator to make it happen. It would be much more difficult to give each plugin its own directory.

It reminds me of Android. They have applications written by different people, but each one is isolated and runs as its own user. That is not as easy to implement with wordpress plugins.

Does anyone know of a good solution to this problem?

The topic ‘Sensitive data in WordPress database’ is closed to new replies.

Sensitive data in WordPress database

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics