Secure DB Bridge For Bervice
| 开发者 | bervice |
|---|---|
| 更新时间 | 2025年10月20日 13:30 |
| PHP版本: | 8.0 及以上 |
| WordPress版本: | 6.8 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
详情介绍:
Secure DB Bridge for Bervice is a secure and lightweight bridge plugin that allows your WordPress website to connect directly to the Bervice decentralized infrastructure.\
Bervice is a blockchain-based and quantum-encryption-ready platform focused on data security, privacy, and long-term information preservation.
By installing this plugin on your website, you can:
- Establish a secure, encrypted connection between your WordPress site and Bervice.
- Allow Bervice to back up critical data safely without exposing your credentials or server.
- Strengthen your site’s resilience against data loss and central-point failures.
- Integrate seamlessly with your existing CMS environment. This plugin acts as one of the core gateway services in the Bervice ecosystem.\ It’s specifically designed to help WordPress site owners keep their data protected through decentralized and quantum-secure backup mechanisms.
安装:
- Install the plugin either by:
- Uploading the plugin folder to
/wp-content/plugins/secure-db-bridge-for-bervice, or - Searching for “Secure DB Bridge for Bervice” in the WordPress plugin directory and clicking Install Now.
- Activate the plugin from the Plugins menu in your WordPress Dashboard.
- After activation, click on the “Bridge for Bervice” menu item in the dashboard to open the plugin settings page.
- Open your Bervice desktop application and go to the Database Solution section.
- Copy the generated:
Key IDShared Secret (Base64)
常见问题:
Does the plugin work on its own?
No. This plugin acts as a bridge between your WordPress website and the Bervice platform. It doesn’t provide backup or security functions by itself — it securely connects your infrastructure to Bervice.
Does this plugin back up the database?
The plugin itself does not perform backups directly. However, once connected, the Bervice software can securely and cryptographically back up your data through this bridge.
Can I disconnect the bridge whenever I want?
Yes. You can disable or remove the connection at any time.
Can anyone connect to my website through this plugin?
No. The system is protected by your IP Allowlist and security keys. Only the IPs and credentials that you explicitly authorize can establish a connection.
更新日志:
1.1.2 - 2025-10-11
- Security: Complete rewrite of REST authentication — HMAC signature, timestamp, nonce, IP allowlist and rate-limiting are now validated in the permission callback so signed external requests work correctly without relying on WP login checks.
- Security: Nonce storage hardened — transient keys are SHA-256 hashed to prevent unsafe transient names and improve replay protection.
- Security: Signature verification tightened (secure compare) and base64 secret validation added; invalid secrets return clear errors.
- Security: IP allowlist behaviour clarified — an empty IP Allowlist now means "no IP restriction" (admin is warned in the settings UI). Administrators may still configure strict allowlists.
- Performance: Streaming encryption and delivery implemented — where available the openssl CLI is used for streaming AES-256-GCM encryption; otherwise a safe in-memory fallback is used with a configurable threshold.
- Performance: Encrypted backups are streamed to the client using fpassthru/readfile (no full-file file_get_contents()), reducing PHP memory usage and preventing OOM on large dumps.
- Reliability: Exporter::encryptFile() HKDF/key handling improved; IV is returned Base64; improved error messages and guaranteed cleanup (gzclose + file removal).
- Robustness: Dump generation hardened — additional guards around SHOW CREATE TABLE / SHOW COLUMNS and explicit -- WARN: notes when metadata is missing.
- Admin: Settings page now warns when secret or ip_allow are empty and explains the security implications.
- Dev: PHPCS annotations, type hints and logging reviewed; sensitive values are not leaked in logs.
- Upgrade Notice: External clients must adopt the new signed request scheme and send these headers: X-BBridge-KeyId, X-BBridge-Timestamp, X-BBridge-Nonce, X-BBridge-Signature. Ensure a valid Base64 secret (>= 32 raw bytes) is set in plugin settings after update. Test on staging before rolling out to production.
- Fix: Resolved PHP parse error in
Exporter.php(misplaced braces around the pagination block) that triggered “unexpected identifier 'gzwrite', expecting 'function'”. - Fix: Implemented a proper pagination loop (
while (true)with LIMIT/OFFSET) and balanced braces; avoids premature function termination. - Hardening: Safer table handling — string-cast names, strict whitelist against
SHOW TABLES, and backtick-quoting viabacktick(). - Robustness: Additional guards for
SHOW CREATE TABLE/SHOW COLUMNS; writes explicit WARN comments into the dump when metadata is missing. - Reliability: Ensured
COMMITandgzclose()always execute; retained size sanity check for output.sql.gz. - New: Admin menu page (“DB Bridge”) with icon support (
assets/admin-icon.svgor Dashicons fallback). - Security: Tightened uploads tmp directory — creates
index.htmland Apache 2.4.htaccesswithRequire all deniedfor both/bervice-db-bridge/and/tmp/. (Note: Nginx users must restrict via server config.) - Dev: PHPCS annotations trimmed/clarified; namespace/type hints refined; no breaking changes to REST endpoints or settings.
- Refactored database dump logic in
Exporter.php:
$safeTablecomes from a trusted whitelist and cannot be placeholder-bound.- Direct DB queries are required to produce SQL dumps.
- Caching is skipped intentionally to ensure real-time backup accuracy.
- Added whitelist check for table names to ensure only those returned by
SHOW TABLESare processed. - Escaped table identifiers using
backtick()for improved SQL safety. - Documented and justified usage of interpolated table names with
phpcs:ignoreinline comments (placeholders cannot be used for identifiers). - Improved inline comments for WordPress.org code review clarity.
- Minor code clean-up and consistency improvements.
- Resolved remaining PHPCS/WPCS warnings in
Exporter.php. - Added explicit
phpcs:ignoreannotations for unavoidable direct database queries (SHOW TABLES,SHOW CREATE TABLE,SHOW COLUMNS). - Documented safe usage of interpolated table names where placeholders are not possible in MySQL.
- Final compliance alignment for WordPress Plugin Directory review.
- Fixed final PHPCS/WPCS issues flagged by WordPress.org Plugin Check.
- Escaping enforcement: added
// phpcs:ignorewhere binary output or MySQL limitations apply. - Updated Exporter with explicit ignore rules for SHOW CREATE/SHOW COLUMNS queries.
- Improved uninstall cleanup routine for safer transient removal.
- Codebase fully aligned with WordPress Plugin Directory requirements.
- Fixed mismatched text domain warnings (
secure-db-bridge-for-bervice). - Escaped all dynamic outputs for improved security.
- Replaced
unlink()andreadfile()with WordPress-safe alternatives. - Improved handling of client IP sanitization.
- Updated uninstall routine with safer option/transient cleanup.
- General code cleanup for PHPCS/WPCS compliance.
- Added /languages directory to fix Domain Path warning.
- Initial stable release.