Currently working on a WordPress Plugin for Nostr. How would you plebs feel safe to store your nsec in a WordPress environment?

– Encrypted in the database

If somebody has access to your site’s full source code and the database, they would be able to decrypt the nsec.

– wp-config.php constant

If somebody has access to your site’s full source code, they would be able to find the nsec.

– Environment variable

If somebody has root access to your webserver, they would be able to find the nsec.

– nsecBunker 😎

Depends on the security of your nsecBunker.

Or do you have even better ideas? Thanks for any input 🫂


Discussion

I wonder what's involved with integrating NIP-07? I believe the extension holds the nsec then, not the database. 🤔

For context to others: The plugin should provide options to share WordPress Posts to Nostr.

nostr:npub1g3827ewz6d23rlgdhkaslc78gyule52ymcqdyt2hsxdwtlw8dt5q7dfpvg As far as I can understand, NIP-07 requires a JavaScript implementation. This could work if the "share to Nostr" functionality were a dedicated interaction in the WordPress admin area that triggers an action on the window.nostr object.

This would have some tradeoffs for automatically sharing new posts to Nostr if they get published by schedule.

Or let's say, to share a post to Nostr, the pleb with the extension for signing needs to be around when a post gets published.

What do you think is more convenient, to have an auto-share mechanism or to not have to store your nsec in your WordPress Setup?
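The NIP-07 flow described above, as an added example that is not code from the thread or from the plugin: the admin-side JavaScript asks the browser extension (window.nostr) to sign the share event, so the nsec never reaches the server, and the result is checked against what was requested before it is published. Field names follow NIP-01/NIP-07; the `post` shape, the `signer` parameter and the hand-off to relays are assumptions made for this example.

```javascript
// Build the unsigned kind-1 event the extension will be asked to sign.
// `post` is assumed to be { title, url } taken from the WordPress post.
function buildShareEvent(post, now = Math.floor(Date.now() / 1000)) {
  return {
    kind: 1,
    created_at: now,
    tags: [["r", post.url]],
    content: `${post.title}\n${post.url}`,
  };
}

// Confirm the signer returned exactly what we asked it to sign, under the
// key it reported. A buggy or compromised extension could alter the content
// or sign with a different key; catch that before anything is published.
// Returns a list of problems (empty means the signed event is acceptable).
function checkSignedEvent(unsigned, signed, expectedPubkey) {
  const problems = [];
  if (signed.pubkey !== expectedPubkey) problems.push("pubkey mismatch");
  for (const f of ["kind", "created_at", "content"]) {
    if (signed[f] !== unsigned[f]) problems.push(`${f} changed by signer`);
  }
  if (JSON.stringify(signed.tags) !== JSON.stringify(unsigned.tags)) {
    problems.push("tags changed by signer");
  }
  if (!/^[0-9a-f]{64}$/.test(signed.id || "")) problems.push("missing or malformed id");
  if (!/^[0-9a-f]{128}$/.test(signed.sig || "")) problems.push("missing or malformed sig");
  return problems;
}

// Called from the "share to Nostr" button in the WP admin area. `signer`
// defaults to the NIP-07 object; a fake signer can be injected for tests.
async function shareViaExtension(post, signer = globalThis.window?.nostr) {
  if (!signer) throw new Error("No NIP-07 signer found: a Nostr extension is required");
  const pubkey = await signer.getPublicKey();   // NIP-07: getPublicKey()
  const unsigned = buildShareEvent(post);
  const signed = await signer.signEvent(unsigned); // NIP-07: signEvent(event)
  const problems = checkSignedEvent(unsigned, signed, pubkey);
  if (problems.length) throw new Error("Refusing to publish: " + problems.join("; "));
  return signed; // assumed next step: POST to the plugin's endpoint or send to relays
}
```

Because signing happens in the browser, scheduled publishing without a user present cannot use this path; that is the tradeoff the post above describes.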

I think maybe a good tradeoff may be to allow an nsec to be stored, but with a warning that it is less secure. And allow a direct nip-07 sign initiated at the time of share, and perhaps pre-signed scheduling like nostrit allows?

I'd say 90% of the time I would be adding WordPress content I'd want the post immediately, or I'd be directly sharing a post.