PGPsign posting verification | WordPress.org

jschewts
(@jschewts)

9 years, 1 month ago

Hi,

I love the postie plugin and would like to donate my own little hack in return. I was always troubled by the fact that postie was not really secured against “false-flag” posts i.e. if you know the authorized email addresses, the email account used for processing and the authorized smtp server, it is not difficult to plant posts in wp site running postie (same is btw true for all similar wp plugins I tested before :(). So to overcome that nasty security by obscurity approach, I implemented a filter that only allows for posts by mail that are signed with a trusted pgp keys (PGP/MIME). Now I would like to share it now with the postie world if possible.

So let me know how to push the code into your codebase in case you are interested to incorporate this as a prpbably very useful security measure.

https://wordpress.org/plugins/postie/

Viewing 1 replies (of 1 total)

Plugin Author Wayne Allen
(@wayneallen-1)

9 years, 1 month ago

Nice idea. Please send the code to help@postieplugin.com and I’ll get it integrated.

Viewing 1 replies (of 1 total)

The topic ‘PGPsign posting verification’ is closed to new replies.

Tags

In: Plugins
1 reply
2 participants
Last reply from: Wayne Allen
Last activity: 9 years, 1 month ago
Status: not resolved