Participants Database
How secure are the full records? (2 posts)

  1. dentalfearcentral
    Posted 3 years ago #

    Hi, I just got the participants database up-and-running and it seems like a great plugin! One question though: how secure are the participants' full records? I'm talking about the link you get in the confirmation e-mail which looks something like this: http://www.mysite.com/updatedetails/?pid=29TUV
    Couldn't a hacker quite easily get access to these records by trying random combinations? How secure is this? And is there a way of increasing the number of letters/characters to 10 to make it more secure?
    Many thanks for any help!!


  2. bbergman
    Posted 3 years ago #

    They are as secure as your database. In other words, all data for this plugin is stored in cleartext in the database table (wp_participants_database). This includes the Private ID column as well. If someone can gain access to your database, then all participant information is visible to them.

    That being said, the actual Private ID itself (the five-digit alphanumeric ID for each record) is randomly secure. In other words, there won't be any duplicates, and each new record gets a randomly generated string, and the only way someone could circumvent the built-in security and update someone else's record is if they either (1) just happen to guess the random string (very unlikely), or (2) intercept/obtain the ID through some nefarious method.

    In general, this is a reasonably secure plugin, and a reasonably secure mechanism for ensuring safe access for participants. You're not going to stop a determined hacker from getting into a record, but you'll stop 98% of the casual hackers.

    Extending the string to 10 digits will make it more random, but unless you plan on accepting something like 435,000 participants, you won't hit any limits for quite some time.
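
The guessing risk raised in this thread can be put into numbers. The following is an added example, not part of the original posts or the plugin's code; it assumes IDs are drawn uniformly from 36 symbols (A-Z, 0-9), inferred from the sample ID in the question, and all function names are hypothetical.

```python
import math
import secrets
import string

# Assumption: IDs are uniform over A-Z and 0-9 (36 symbols), inferred from
# the sample "29TUV"; the plugin's real generator is not shown in the thread.
ALPHABET = string.ascii_uppercase + string.digits


def hit_probability(length, records, guesses, symbols=len(ALPHABET)):
    """Chance that at least one of `guesses` random IDs matches any of
    `records` valid IDs (guesses modelled as independent draws)."""
    per_guess = records / symbols ** length
    if per_guess >= 1.0:
        return 1.0
    return -math.expm1(guesses * math.log1p(-per_guess))


def guesses_for(probability, length, records, symbols=len(ALPHABET)):
    """Requests needed before the hit chance reaches `probability`; a
    lockout or rate limit should keep any client well below this."""
    per_guess = records / symbols ** length
    if per_guess >= 1.0:
        return 1
    return math.ceil(math.log1p(-probability) / math.log1p(-per_guess))


def min_length(records, guesses, max_probability, symbols=len(ALPHABET)):
    """Shortest ID length keeping the hit chance at or below the target."""
    length = 1
    while hit_probability(length, records, guesses, symbols) > max_probability:
        length += 1
    return length


def new_private_id(length=10):
    """Draw an ID from the OS CSPRNG rather than a predictable generator."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    # Constructed scenario: 1,000 participant records.
    print(hit_probability(5, 1000, 100_000))   # 5-char IDs, 100k requests
    print(guesses_for(0.5, 5, 1000))           # requests for a 50% chance
    print(min_length(1000, 1_000_000, 1e-6))   # length for a 1-in-a-million target
    print(new_private_id())
```

The figures depend on the number of stored records as much as on ID length, so a per-client request limit on the record page matters alongside a longer ID.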

