Community Support Forums

[martonic]

Hi Jason,

What is the effect of setting a "Security Encryption Key". Will it break my code by changing the format of the data stored in the wp_usermeta table?

Thanks, Marty

[Jason Caldwell]

Hi Marty. Thanks for the great question.

Let me be very careful about how I answer that question.

As of s2Member v3.2.4, no. You'll be fine to change that. s2Member does NOT encrypt data stored locally in your database, other than to encrypt passwords; which is already handled by WordPress. There is no need to encrypt data stored locally in your database; your database is already password protected, and s2Member ( in it's current form ) does NOT store any financial data that would require encryption.

I'm being careful, because that does NOT mean, that at some point in a future release, that s2Member won't have a need to store encrypted data in the database, using that Encryption Key, which is one very important reason why the warning is there in the General Options panel.

So now, to answer your question more directly.
Here is what changing the Key WILL IMPACT in current versions of s2Member:

- It will kill any existing links that s2Member sent out in emails to your Customers; nullifying them all. Things like Registration Access Links and Specific Post/Page Links.

- It will ALSO kill all of the encrypted cookies that s2Member sets. Things like Specific Post/Page session cookies and registration access cookies.

- It will ALSO kill Download Keys created by s2Member ( if you've been using Download Keys ).

- It will ALSO change s2Member's Proxy IPN URL. This is NOT the default IPN URL that most people use, it's a special version of the IPN URL that contains an encrypted hash. This would need to be updated if the Security Encryption Key was modified ( but only if you've been using it ).
See: s2Member -> PayPal Options -> IPN Integration.

[ToddSchafer]

How do i figure out if someone else has all ready set-up the Security Encryption Key? There was a previous developer and My field is blank does that mean it hasn't been set-up yet?

[Cristián Lávaque]

That seems to be the case, or it'd still be there.

[Jason Caldwell]

How do i figure out if someone else has all ready set-up the Security Encryption Key? There was a previous developer and My field is blank does that mean it hasn't been set-up yet?

If there were keys in the past, s2Member would reveal a small link underneath the text input field in that panel, where it stores a list of the previous 10 keys used on your site; in case of emergency.

[Luteno]

Hi there!

My customer asked me about details of the encryption.

Can you tell me in what exact way the encryption works? What kind of encryption is used and what exactly will be encrypted if I use the feature?

Thank you very much in advance,

Fabian Kahlert

[Eduan]

Encryption is "The process of obscuring information to make it unreadable without special knowledge, key files, and/or passwords."

And what it affects, from what I understand, are the PayPal buttons, so that people can't change the price of things etc.

Hope this helps.

[Jason Caldwell]

Hi there!

My customer asked me about details of the encryption.

Can you tell me in what exact way the encryption works? What kind of encryption is used and what exactly will be encrypted if I use the feature?

Thank you very much in advance,

Fabian Kahlert

s2Member uses mcrypt_encrypt(), with MCRYPT_RIJNDAEL_256 / MCRYPT_MODE_CBC.
See: http://php.net/manual/en/function.mcrypt-encrypt.php

---

Here is what changing your Security Encryption Key WILL IMPACT in current versions of s2Member:

- It will kill any existing links that s2Member sent out in emails to your Customers; nullifying them all. Things like Registration Access Links and Specific Post/Page Links.

- It will ALSO kill all of the encrypted cookies that s2Member sets. Things like Specific Post/Page session cookies and registration access cookies.

- It will ALSO kill Download Keys created by s2Member ( if you've been using Download Keys ).

- It will ALSO change s2Member's Proxy IPN URL. This is NOT the default IPN URL that most people use, it's a special version of the IPN URL that contains an encrypted hash. This would need to be updated if the Security Encryption Key was modified ( but only if you've been using it ).
See: s2Member -> PayPal Options -> IPN Integration.