Storing only hashed email

Unsolved Plugin Development
  • Hey,

    For privacy reasons, I want to only store the hashed-salted version of a user's email (in favor of restoring the user's password for example).

    It seems one way to go about this is to hook to and there generate a salt, created hashed email, store hashed email and salt and remove the non-hashed email from the db.

    Then I would also need to also hook somewhere in the forgot email logic.
    This would also require disabling email editing for the user of course.

    The downsides of the above are:

    1. The email is kept in the db during confirmation stage.
    2. Its a bit wasteful to write the non hashed email and then delete it and write the hashed one.

    I'm new to NodeBB (and web development in general), and would appreciate any pointers.


  • How would password resets be done?

  • @pitaj I was thinking to compare the hash of the provided email to the stored hashed emails in the db.

  • Ah good point. What about users who don't confirm their email?

  • @pitaj Yes, this is one downside of this approach.

    Users with unconfirmed email will not be able to post, so at least there won't be posts associated with the unhashed email, but this is not ideal.

  • Nir SN Nir S marked this topic as a question on
  • You could instead only keep the email around until the validation email is sent, then replace it with the hash.

  • Thanks!

    I guess I can hook to for reading the existing email and then replacing it with a hashed version.

    However, password reset wouldn't work since it wouldn't find the uid for the (non hashed) email address provided (here).

    We can add a hook for preprocessing the email before looking for the uid, but that won't be enough since later the email is sent according to the email field in the db (i.e. not the email provided by the user when asking to reset).

    One possible solution is:

    1. Add a hook for preprocessing the email used for getting the uid.
    2. Pass the provided email in params to emailer.send (here) like it's done for welcome and email verification.
    3. And here instead of checking that for the template check if is defined.

    Does that make sense?

  • Nir SN Nir S referenced this topic on

Suggested Topics

| | | |