Hash emails with SHA1 for improved user privacy

Emails should be hashed with SHA1. That way in the event of a data breach, people can’t spam all your users’ emails.

MySQL has the built-in SHA1() function for this.

Here’s how you would change all the current plain-text emails to hashed emails.

UPDATE `accounts` SET `email` = SHA1(`email`);

Here’s how to hash the email when inserting it on register.

INSERT INTO `accounts` (`username`, `email`) VALUES ('$username', SHA1('$email'));

Here’s how to find the account of the email for pages such as forgot password (which you’re missing right now; you need to add a Forgot password page).

SELECT `username` FROM `accounts` WHERE `email` = SHA1('$email');

Hope you do this soon. Everyone makes mistakes that lead to accidental disclosures of information. And you’re not the most cautious person, so hashing the emails before an angry competitor such as razu or Henix has the time to find a bug in RestoreCord is a good idea.

If a user forgets their email, you can confirm they’re the actual owner with their IP address.

I get the point of this, but how are you going to send emails to the user?

When you need to send an email for Password Reset, you ask for the user’s email as seen in https://keyauth.cc/forgot/ and then you can use that input the user sends of their plain-text email to send an email.

So there’s no good reason to not hash emails.
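The migration, registration and forgot-password lookup discussed in this thread, as an added example that is not part of any post here and is not RestoreCord's code. It uses Python with an in-memory SQLite table standing in for the MySQL `accounts` table; the function names, the trim/lower-case step, the bound parameters, the skip-if-already-hashed check and the sample rows are assumptions.

```python
import hashlib
import re
import sqlite3

SHA1_HEX = re.compile(r"[0-9a-f]{40}")  # shape of a stored digest (same as MySQL SHA1())

def email_digest(email):
    # Assumption: normalise before hashing, because SHA1("Bob@x.io") and
    # SHA1("bob@x.io") differ and a hashed column cannot be compared loosely.
    return hashlib.sha1(email.strip().lower().encode("utf-8")).hexdigest()

def migrate(db):
    """Hash plain-text emails in place; rows that already hold a digest are
    skipped, so running the migration a second time does not double-hash."""
    changed = 0
    for rowid, email in db.execute("SELECT rowid, email FROM accounts").fetchall():
        if SHA1_HEX.fullmatch(email):
            continue
        db.execute("UPDATE accounts SET email = ? WHERE rowid = ?",
                   (email_digest(email), rowid))
        changed += 1
    return changed

def register(db, username, email):
    # Bound parameters instead of interpolating user input into the SQL text.
    db.execute("INSERT INTO accounts (username, email) VALUES (?, ?)",
               (username, email_digest(email)))

def forgot_password(db, submitted_email):
    """Return (username, address to mail) when the submitted address matches a
    stored digest, else None. The address comes from the request, not the DB."""
    row = db.execute("SELECT username FROM accounts WHERE email = ?",
                     (email_digest(submitted_email),)).fetchone()
    return (row[0], submitted_email.strip()) if row else None

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, email TEXT)")
    # Constructed legacy row, stored in plain text before the change.
    db.execute("INSERT INTO accounts VALUES ('alice', 'Alice@example.com')")
    first, second = migrate(db), migrate(db)
    register(db, "bob", "bob@example.com")
    return db, first, second

if __name__ == "__main__":
    db, first, second = demo()
    print(first, second, forgot_password(db, " ALICE@example.com "))
```
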

This has been added, thanks for suggesting.

This topic was automatically closed after 5 days. New replies are no longer allowed.