Opened 8 years ago
Last modified 6 years ago
#39425 new feature request
sending mails with e-sign certificate feature request
Reported by: | studiojurdan | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 4.7 |
Component: | General | Keywords: | |
Focuses: | | Cc: | |
Description
Since PHP4 in 2007, the phpmail had an option "SIGN" to digitally sign outgoing mails with a P12, x509 certificate. But all my searches among WordPress plugins show me that this very important function is not yet used.
In 2017 the whole EU will be asked to secure and sign mails, so it will soon be a problem as well.
There is a sign() method in PHPMailer already so technically speaking this should not be difficult to achieve using the phpmailer_init hook in WordPress.
That said, any attempt to sign an email needs a password. This should not be stored in the database in plain text for obvious reasons, and perhaps even storing it hashed is unwise as it could be reverse hashed by anyone with broad database access to retrieve the original key. Storing in a file on the server is also a pretty terrible idea.
So, user input is likely the way forward for this but the site would need to be on a secure port and encrypted connection to ensure the password could not be snooped by a man-in-the-middle attack.
So, although this request seems reasonable initially, it is the subject of many security considerations. My opinion is that this should not be part of the core and most probably should be avoided as a plugin too.
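The hook-based approach described in the comment above, as an added example (not code from WordPress, PHPMailer or anyone on this ticket): it calls PHPMailer's sign() from phpmailer_init and refuses to sign when the key material is stored in a way the comment warns about. The constants SMIME_CERT_FILE and SMIME_KEY_FILE, the environment variable SMIME_KEY_PASS and the function names are assumptions, as are PEM-encoded files and POSIX file permissions.

```php
<?php
// Added example (hypothetical plugin code). Assumptions: SMIME_CERT_FILE and
// SMIME_KEY_FILE are constants set in wp-config.php pointing at PEM files, and
// SMIME_KEY_PASS is an environment variable set for the PHP process.
add_action( 'phpmailer_init', 'example_smime_sign' );

function example_smime_sign( $phpmailer ) {
	if ( ! defined( 'SMIME_CERT_FILE' ) || ! defined( 'SMIME_KEY_FILE' ) ) {
		return; // Not configured: mail goes out unsigned.
	}
	$pass = getenv( 'SMIME_KEY_PASS' );
	if ( false === $pass || '' === $pass ) {
		return example_smime_skip( 'passphrase not present in environment' );
	}
	$docroot = realpath( ABSPATH );
	foreach ( array( SMIME_CERT_FILE, SMIME_KEY_FILE ) as $file ) {
		$real = realpath( $file );
		if ( false === $real || ! is_readable( $real ) ) {
			return example_smime_skip( 'certificate or key file not readable' );
		}
		// Key material under the web root could be fetched over HTTP.
		if ( false !== $docroot && 0 === strpos( $real, $docroot . DIRECTORY_SEPARATOR ) ) {
			return example_smime_skip( 'key material is inside the web root' );
		}
	}
	// POSIX permission bits: refuse a key that group or others can access.
	if ( fileperms( SMIME_KEY_FILE ) & 0077 ) {
		return example_smime_skip( 'private key permissions are too open' );
	}
	// Check the passphrase and the cert/key pairing before PHPMailer uses them.
	$key = openssl_pkey_get_private( 'file://' . realpath( SMIME_KEY_FILE ), $pass );
	if ( false === $key
		|| ! openssl_x509_check_private_key( 'file://' . realpath( SMIME_CERT_FILE ), $key ) ) {
		return example_smime_skip( 'passphrase wrong or key does not match certificate' );
	}
	$phpmailer->sign( SMIME_CERT_FILE, SMIME_KEY_FILE, $pass );
}

// Log the reason without ever writing the passphrase or key to the log.
function example_smime_skip( $reason ) {
	error_log( 'S/MIME signing skipped: ' . $reason );
}
```

The passphrase still sits in the PHP process environment, so anyone who can read that environment or the key file can sign as the site; the checks narrow that exposure but do not remove it.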