Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
That wouldn’t work as the SMTP password needs to be transmitted to the SMTP relay in unencrypted form.
Storing the password encrypted would mean the plugin would have to be able to also decrypt it. That kind of defeats the whole purpose of encrypting it in the first place.
The issues is that passwords should never be stored in a DB as plain text. That is a major security vulnerability in any technology circle. If your site is hacked your email account has a higher likelihood of being “hacked” due to the fact most smtp usernames and passwords are the same as the account login information. A plain text password is always easier to use then an encrypted one.
I understand that you can not send the pre-encrypted password as is, it will need to be decrypted. But if you are using SMTP over SSL/TSL I believe the password will be encrypted during the Auth process.
The current setup of this plugin with the plain text password being stored in the database is a large security risk.
So encrypting it in the DB for storage then decrypting at the time of Authentication would be better than plain text.
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
The issues is that passwords should never be stored in a DB as plain text.
Right, I got that. For lots of reasons I know that already. 😉
How would you encrypt the SMTP password? Ideally you would store it in the database via a one way hash. That way you could not use the stored hashed value to obtain the password. That’s how your WordPress password is stored.
SMTP AUTH would not work though since it needs to be transmitted (usually via a TLS connection since encrypted communication is our friend) and hashed values wont work.
You could put an encryption key in the plugin but anyone could download the plugin and read the key. That’s not helping.
You could ask the user for an encryption key and you could store that key in the database. Not really a secure solution since “That is a major security vulnerability in any technology circle” and kinda defeats the whole purpose of this exercise.
If your concerned about SMTP passwords being store (and I do think that’s a legitimate concern) then you may just want to ask your web host how to use their SMTP relay without having to use SMTP AUTH.
So using your logic why lock the front door of your house at all if people can still break the window and unlock the door? If that is your security philosophy please don’t put your address on the internet.
If someone wants to hack/break-in they are going to regardless of your security measures, but you shouldn’t leave the front door unlocked for them.
Some security is better then no security.
I did see one plugin that requires the username and password be added to the wp_config.php file manually. That might be the most secure option.
I will see if my SMTP has a way to auth without a username and password.
Just my 2 cents. Would it be feasible for the plugin to check if the wp-config.php file is writable and if so offer the user the option to provide an encryption key? That key could then be written to wp-config.php as a PHP constant.
It’s only a minor security improvement because it seems unlikely that an attacker would be able to get your database and not able to get your wp-config.php file, but I suppose it could happen.
Hello optimized-marketing.com,
have you accomplish your objective? I’m pretty much in the same situation as you.
No, I have not found an option that gives the desired outcome. I had to go with the current best option which is to use http://wordpress.org/plugins/wp-smtp-config/ and add the connection info into wp-config.php.
P.s. you will need to make slight changes to the code if you plan to change the port.
i know this is an old thread (and i’m not even using this plugin but just came across this conversation by chance).
what does occur to me though is this regarding:
>You could put an encryption key in the plugin but anyone could download the plugin and read the key. That’s not helping.
i might be wrong here, but to me this does not appear to be strictly true.
when you install wordpress you get a bunch of unique constants in your installations wp-config.php
(the stuff under * Authentication Unique Keys and Salts such as AUTH_SALT etc)
i would have thought you can just use one of those constants as your encryption key. so regardless of whether or not the plugin is freely downloadable, the key would differ….., no ?
(happy to stand corrected btw, just an idea that sprang to mind)
