Hashing oauth username and email in auth. Js?
Would that work to improve privacy of users and would it even work? To do that I would need to modify database adapter but it may not be too much of work.
What other ways there would be to improve privacy?
6 Replies
not sure i understand but hashing ≠ encryption
email and username are not private information
It's user has like firstname.lastname@email.com it's something I don't want getting hacked or something. Hashing again because of potential db leak, so hacker would need to know what email or user to look for in hashed db instead of just decrypting everything with key
hashing makes sense for comparison
hashing the email field makes it useless. if your app does not use the email then just don't store it
let's say i somehow got access to your db and now i am searching for a specific account with email x@y.com. i could just hash x@y.com with the same algorithm myself and find the account using the generated hash
it does not secure things
Yeah, searching specific email would work even with hashing. Ill try to limit scopes in auth.js away from email.
i don't think i understand your goal
I guess if I remove email from oauth scopes privacy issue is reduced. Goal would be just to reduce privacy issues resulting from server getting hacked.