Encryption key security and location #52
Description
Hi,
if I understand the code correctly, the plugin writes a connection encryption key to odoo-wp-plugin/odoo_conn.key. Since this path is somewhat predictable, I’m wondering if this could potentially be accessed and misused by an attacker to intercept data or is this a non-issue?
Also, storing the key inside the plugin directory might lead to it being deleted during updates, which could possibly break the connection. Would it make sense to use something like wp_upload_dir()/odoo-wp/ instead?
Best regards,
Andrej