Last modified by eMDPlugins - 1 year ago
32 Views
1 min read

How to protect email addresses from unauthorized users

If you're using Employee Directory and Spotlight in a site open to public, you need to take measures to protect your user information. By default, all email addresses are protected by anti spam function. Anti spam function converts email address characters to HTML entities to block spam bots. The selection of characters is random and changes each time the function is called.

For example, ndavolio@example.com address is displayed in the html source code as:

"mpeacock@ex&#97..". 

In addition, the search form sessions are protected from Cross-Site Request Forgery (CSRF) attacks. If our plugin detects that your session integrity is compromised, it will refuse to return results from your site.

However, if someone uses your directory search form manually, they can get the results and download or copy them to another file. There are multiple strategies to prevent or limit unauthorized search:

  • Only expose certain fields:  All sensitive information such as salaries, marital status or email addresses can be turned off from the plugin settings.
  • Do not expose search operators to public: Use the type of search form which does not include search operators. Search operators are included in a dropdown next to a form field and include the function such as like, unlike, word. These functions can be used to search a large volume of records. Excluding search operators forces users to come with a more educated search criteria.
  • Ask for login/registration to search: Using the plugin settings, you can force the user to register or login to your site. This helps you get more information about the user.
  • User role based field access: Employee Directory comes with field level security. For example, you can display an employee's salary to the users belonging to managers but not employees.
  • Make certain fields required for searches: For example, if you make name field required, users need to know a person's name to search additional information about that person. 
Was this information helpful?