From ab1bba9daba5500e1b154579518369974cc6041a Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 14 May 2015 11:37:47 -0400 Subject: cloak user PII when making commits etc, and let cloaked PII be used in banned_users This was needed due to emailauth, but I've also wrapped all IP address exposure in cloak(), although the function doesn't yet cloak IP addresses. (One IP address I didn't cloak is the one that appears on the password reset email template. That is expected to be the user's own IP address, so ok to show it to them.) Thanks to smcv for the pointer to http://xmlns.com/foaf/spec/#term_mbox_sha1sum --- doc/plugins/emailauth.mdwn | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'doc/plugins/emailauth.mdwn') diff --git a/doc/plugins/emailauth.mdwn b/doc/plugins/emailauth.mdwn index db22e2931..74097d2cc 100644 --- a/doc/plugins/emailauth.mdwn +++ b/doc/plugins/emailauth.mdwn @@ -11,8 +11,10 @@ some other form of authentication, such as [[passwordauth]] or [[openid]]. Users who have logged in using emailauth will have their email address used as their username. In places where the username is displayed, like the RecentChanges page, the domain will be omitted, to avoid exposing the -user's email address. Note though that the email address will be visible -when looking at eg, commits in the git repository. +user's email address. In places where the full username needs to be put, +like commits of changes, the email address is cloaked using +the +foaf:mbox_sha1sum spec. This plugin needs the [[!cpan Mail::SendMail]] perl module installed, and able to send outgoing email. -- cgit v1.2.3