Hash stored emails for storage
victorb opened this issue · 0 comments
victorb commented
There is no need for us to actually keep the emails as plaintext as we'll be sending out no newsletter or other junk. The only time we send emails to the user it's because the user entered the email and wants to receive something now (like login codes).
Something like passing $salt+$email through sha256sum should do the trick.
See https://blog.klungo.no/2020/11/01/you-might-not-need-to-store-plaintext-emails/ for more details