search

webtions / i-recommend-this

This plugin allows your visitors to simply like/recommend your posts instead of comment on it.
22 stars 10 forks source link

Anonimize IPs with hash and salting #41

Open opicron opened 2 months ago

opicron commented 2 months ago

A good measure for some additional compliance to GDPR would be to hash and salt the IP addresses.

Of course with a fulll compromize this would be insufficient to protect the IP but for a regular DB dump where the salt and hash is not taken from the wordpress files it would give a layer of protection.

hchouhan commented 2 months ago

This indeed is a good suggestion. I'll see what I can do.

opicron commented 2 months ago

This is how wordpress handles the hashing and salting. I think we can use the same way?

$string_to_hash = 'your_string_here';
$salt = wp_salt();
$salted_string = $salt . $string_to_hash;
$hashed_string = hash('sha256', $salted_string);

// Store the hash and the salt
echo 'Hashed String: ' . $hashed_string;
echo 'Salt: ' . $salt;

// Verifying the string
$string_to_check = 'your_string_here';
$salted_string_to_check = $salt . $string_to_check;
$hashed_string_to_check = hash('sha256', $salted_string_to_check);

if ($hashed_string === $hashed_string_to_check) {
    echo 'String is correct!';
} else {
    echo 'Invalid string!';
}
hchouhan commented 2 months ago

Yes, that would be the way to do it. Thanks for sharing the example Robbert. I'll look into this soon.

opicron commented 2 months ago

Updated the sample for regular hashing and salting strings, instead of passwords.