No need to make e-mail addresses visible
Closed this issue · 4 comments
Users should register, but their e-mails don't have to be visible.
Where should the e-mails not be shown? Do you mean show the user's name on the members' index page instead of their emails? Or on the edit page?
Yea I think this is as simple as the user index page listing names (but that page would still be useful for the general member to use to navigate to their own profile to edit group memberships/current sup participation status).
So maybe the email address should not even be visible on the user edit page? Company email addresses rarely change anyway...
@Thrillberg I suspect the larger issue is that the email addresses shouldn't be scrape-able from any publicly available pages.
If we remove all references to the email address on sup though, we might need some kind of way to update people's email addresses (get a special link through email to old email address). I'm not sure though, up to @dblock as he's closer to the company use case than me
What might be best is for people to do all editing of their own profile through email (maybe fill in a form in the web app, and then confirm via email link) (avoids account creation on sup by proxying identification necessary tasks like editing your profile through an already secure gmail/other email account), and we could allow editing through the site only for a single admin.