Hashing oauth username and email in auth. Js?

Would that work to improve privacy of users and would it even work? To do that I would need to modify database adapter but it may not be too much of work. What other ways there would be to improve privacy?
6 Replies
erik.gh
erik.gh2y ago
not sure i understand but hashing ≠ encryption email and username are not private information
Massukka
Massukka2y ago
It's user has like [email protected] it's something I don't want getting hacked or something. Hashing again because of potential db leak, so hacker would need to know what email or user to look for in hashed db instead of just decrypting everything with key
erik.gh
erik.gh2y ago
hashing makes sense for comparison hashing the email field makes it useless. if your app does not use the email then just don't store it let's say i somehow got access to your db and now i am searching for a specific account with email [email protected]. i could just hash [email protected] with the same algorithm myself and find the account using the generated hash it does not secure things
Massukka
Massukka2y ago
Yeah, searching specific email would work even with hashing. Ill try to limit scopes in auth.js away from email.
erik.gh
erik.gh2y ago
i don't think i understand your goal
Massukka
Massukka2y ago
I guess if I remove email from oauth scopes privacy issue is reduced. Goal would be just to reduce privacy issues resulting from server getting hacked.
Want results from more Discord servers?
Add your server