Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Consider random/hashed IDs for user pages and the ability to change the user page root path #1132

Open
LukasKalbertodt opened this issue Mar 5, 2024 · 1 comment
Labels
kind:new-feature A new feature

Comments

@LukasKalbertodt
Copy link
Member

One client of ours voiced interest in this feature as they consider disclosing usernames as a security risk, putting Tobira and other of their systems at risk. I have not yet fully grasp the details here.

The idea would be to (if configured that way) either create a random ID for new user pages (like we do for events) or hash the username. As a separate feature, we could allow users to change their user-page ID, basically like a channel ID on youtube, on a first-come-first-serve basis. Though I imagine follow-up complications there: preventing impersonation, giving lecturers higher priority in the user-page ID choice, ...

In any case, not a big priority right now.

@LukasKalbertodt LukasKalbertodt added the kind:new-feature A new feature label Mar 5, 2024
@JulianKniephoff
Copy link
Member

An alternative idea by @LukasKalbertodt: We could let the auth layer provide a realm_name or something like it that overrides the username as the user realm root path. That way, institutions could implement hashing and other obfuscation or even "beautification" steps in their auth server, for example.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind:new-feature A new feature
Projects
None yet
Development

No branches or pull requests

2 participants