Closed
Open
Opened Oct 07, 2020 by Sheogorath@sheogorath

Reduce profile data

In order to encourage privacy by design, I would recommend reducing the information that is held in the account data.

Explicitly, I would recommend/encourage getting rid of the actual identity strings, replacing them with aliases, and storing only the hashed version.

As we recently saw with Gravatar, vulnerabilities allow account enumeration and the like in the worst case. This is not necessary when one takes some trade-offs.

We can just store the hash of most identities in the database. There should be a primary identity that is used as an emergency contact, but otherwise identities should just get an alias field that is used as their UI identifier and otherwise be stored in the form of a hash. This reduces the ability to collect mail addresses and OpenIDs even if the database were breached.

From a workflow perspective it's not necessary to store an identity after successful verification as all further actions are performed with the hash only.
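A minimal sketch of the storage model proposed in this issue, added here as an example and not taken from ivatar's code: one primary contact kept in clear text, every other verified identity reduced to an alias plus a digest. The names `Account`, `Identity` and `identity_digest`, the use of SHA-256 and the trim/lower-case normalisation are assumptions.

```python
import hashlib
from dataclasses import dataclass, field


def identity_digest(identity: str) -> str:
    """SHA-256 of the trimmed, lower-cased identity (normalisation is an assumption)."""
    return hashlib.sha256(identity.strip().lower().encode("utf-8")).hexdigest()


@dataclass
class Identity:
    alias: str   # UI identifier chosen by the user
    digest: str  # the only stored form of a non-primary identity


@dataclass
class Account:
    primary_contact: str  # emergency contact, the one identity kept in clear text
    identities: list = field(default_factory=list)

    def add_verified(self, identity: str, alias: str) -> Identity:
        """Call only after verification succeeded; the plain string is not kept."""
        record = Identity(alias=alias, digest=identity_digest(identity))
        self.identities.append(record)
        return record

    def find(self, digest: str):
        """Later actions (such as serving an avatar) need the digest alone."""
        return next((i for i in self.identities if i.digest == digest), None)

    def stored_strings(self) -> list:
        """Everything a dump of this account's rows would contain."""
        out = [self.primary_contact]
        for i in self.identities:
            out += [i.alias, i.digest]
        return out


def demo() -> Account:
    # Constructed sample data.
    acct = Account(primary_contact="owner@example.org")
    acct.add_verified("  Work.Address@Example.com ", alias="work")
    acct.add_verified("https://id.example.net/alice", alias="openid-1")
    return acct


if __name__ == "__main__":
    # An unsalted digest removes the readable address list from a dump, but a
    # guessed address can still be confirmed by hashing it and comparing.
    print(demo().stored_strings())
```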

Reference: oliver/ivatar#74