• Hi there,

    Love this plugin, however a little concerned as it’s been brought to my attention that it may store email passwords in plain text format within the database. Is this the case?

    Would be great to hear what the official word is regarding this security query.

    Cheers,

    Duncan.

  • Plugin Author Jason Hendriks

    (@jasonhendriks)

    The general recommendation for storing any password in a database is to use a one-way hash. That way, passwords can never be “recovered” from your database data.

    However, since your email password must be sent in plaintext to the SMTP server, it cannot be one-way hashed by Postman (or any other WordPress SMTP plugin for that matter). And any encryption Postman might use could be easily gleaned from its open-source code. Postman stores your password in the database in a UUEncoded text format which will protect your password from the most casual observation only.

    If you are that concerned about security, it is recommended you use Postman in OAuth 2.0 mode, in which case no password is stored at all. Only the short-lived OAuth 2.0 token.
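
The contrast drawn in the reply above, as an added example that is not part of the original thread and not Postman's own code: a one-way hash can only confirm a guess, while a UUEncoded value is readable by anyone who can read the database row. The option names, sample password and `classify_stored_secret()` helper are constructed for illustration, and PHP's built-in `convert_uuencode()` is assumed as a stand-in for the plugin's actual encoding routine.

```php
<?php
// Added illustration: audit helper that tells a one-way hash apart from a
// keyless, reversible encoding. Names and values below are constructed.

function classify_stored_secret(string $stored): string
{
    // Values produced by password_hash() carry an algorithm identifier.
    $info = password_get_info($stored);
    if (!empty($info['algo'])) {
        return 'one-way hash (cannot be recovered, only verified)';
    }

    // UUencoding uses no key. If the value decodes to printable text and
    // re-encodes to the same bytes, reading the row reveals the secret.
    $decoded = @convert_uudecode($stored);
    if (is_string($decoded) && $decoded !== '' && ctype_print($decoded)
        && convert_uuencode($decoded) === $stored) {
        return 'reversible encoding (recoverable by any reader of the row)';
    }

    return 'unrecognized format';
}

$password = 'S3cret-Example!'; // constructed sample value

// Constructed stand-ins for rows in a settings table.
$rows = [
    'hashed_login_password' => password_hash($password, PASSWORD_DEFAULT),
    'smtp_password_encoded' => convert_uuencode($password),
];

foreach ($rows as $name => $stored) {
    printf("%-24s %s\n", $name, classify_stored_secret($stored));
}

// The hash can confirm a candidate password but never yields the plaintext
// that SMTP authentication requires.
var_dump(password_verify($password, $rows['hashed_login_password']));

// The encoded value yields the plaintext with no key at all, so database
// read access is equivalent to knowing the SMTP password.
var_dump(convert_uudecode($rows['smtp_password_encoded']) === $password);
```

Running a classifier like this over the rows that hold credentials shows which ones need database-level protection (restricted read access, encrypted backups) because the stored form itself offers none.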

    Thread Starter Duncan Michael-MacGregor

    (@duckonwater)

    Hi Jason,

    Thank you for your fast and concise response. I understand how it works now.

    We are seriously impressed by your plugin, you have done a fantastic job at creating it.
    This setup should be part of the WP core!

    Thank you again for building this plugin and providing such great support. You are truly a credit to the WP community.

    Best wishes,

    Duncan.

  • The topic ‘How are passwords stored?’ is closed to new replies.