E-Mail Hashing - Privacy Improvement #22470
Comments
Can you elaborate on how this would work? After the email has been hashed it can no longer be used to send mails to that user, like notifications or password resets 🤔
These are 2 features currently. If you want pseudonym users you would leave out the email address, users can’t reset password but for SSO logins not necessarily and it would be more privacy policy friendly. By default the email would be saved
@br41nslug As some auth providers like Apple create relay emails for the external identifiers, they secure this. But I don’t see why we could not just save the email address in the email field of the Directus user (or a field like registered with email), and a hashed external identifier. This would only improve the security. Sure, by migrating up, existing instances would hash the external identifiers once.
You can configure this for the SSO provider you're using
But the identifier key will not be hashed? For example for the Google login?
Identifiers will not be hashed, no, and it shouldn't be necessary if you're not using the email or another privacy sensitive key. This can however be achieved using flows/hooks by hooking into the
Describe the Improvement
As users can register via different auth providers, for example Google, their external identifier is their email address. This works totally fine, but considering privacy policies it would be nice to have an option of a hook to hash the email address into a string.
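An added example, not part of the issue thread and not Directus code: one way to derive the hashed external identifier discussed above, using a keyed hash (HMAC-SHA256) rather than a plain hash, with a one-time migration that does not double-hash. The function names, the `hmac-sha256:` prefix, the secret and the sample user records are assumptions made for illustration.

```javascript
// Added example (not Directus code). All names here are hypothetical.
const crypto = require('node:crypto');

// Assumed convention: a prefix marks values that are already hashed,
// so a migration can run twice without double-hashing.
const PREFIX = 'hmac-sha256:';

// Providers may return the same address with different case or padding.
function normalizeEmail(email) {
  return email.trim().toLowerCase();
}

// Keyed hash: a plain SHA-256 of an email can be matched by hashing
// candidate addresses, so the digest is bound to a server-side secret.
function hashIdentifier(email, secret) {
  if (typeof secret !== 'string' || secret.length < 32) {
    throw new Error('secret must be at least 32 characters');
  }
  const mac = crypto.createHmac('sha256', secret)
    .update(normalizeEmail(email), 'utf8')
    .digest('hex');
  return PREFIX + mac;
}

// One-time migration of a stored identifier; idempotent.
function migrateIdentifier(stored, secret) {
  return stored.startsWith(PREFIX) ? stored : hashIdentifier(stored, secret);
}

// SSO login: hash what the provider returned and match on the stored value.
function findUser(users, providerEmail, secret) {
  const wanted = hashIdentifier(providerEmail, secret);
  return users.find((u) => u.external_identifier === wanted) ?? null;
}

// Constructed sample data: one legacy record, one already hashed.
const SECRET = 'constructed-demo-secret-0123456789abcdef';
const users = [
  { id: 1, external_identifier: 'alice@example.com' },
  { id: 2, external_identifier: hashIdentifier('bob@example.com', SECRET) },
].map((u) => ({ ...u, external_identifier: migrateIdentifier(u.external_identifier, SECRET) }));

console.log(findUser(users, ' Alice@Example.com ', SECRET));
```

Because the lookup depends on the secret, losing or rotating it invalidates every stored identifier.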