If you're using Employee Directory and Spotlight in a site open to public, you need to take measures to protect your user information. By default, all email addresses are protected by anti spam function. Anti spam function converts email address characters to HTML entities to block spam bots. The selection of characters is random and changes each time the function is called.
For example, firstname.lastname@example.org address is displayed in the html source code as:
In addition, the search form sessions are protected from Cross-Site Request Forgery (CSRF) attacks. If our plugin detects that your session integrity is compromised, it will refuse to return results from your site.
However, if someone uses your directory search form manually, they can get the results and download or copy them to another file. There are multiple strategies to prevent or limit unauthorized search: