[ltb-dev] [LDAP Tool Box - Feature #659] (Assigned) Partially hide mobile phone number, to prevent username to phone number lookups (privacy)

noreply at lsc-project.org noreply at lsc-project.org
Sat Feb 15 15:38:41 CET 2014


Issue #659 has been updated by Clément OUDOT.

Status changed from New to Assigned
Assigned to set to Clément OUDOT
Target version set to self-service-password-?

Thanks for the patch!
----------------------------------------
Feature #659: Partially hide mobile phone number, to prevent username to phone number lookups (privacy)
http://tools.lsc-project.org/issues/659

Author: Stephan Hughson
Status: Assigned
Priority: Normal
Assigned to: Clément OUDOT
Category: Self Service Password
Target version: self-service-password-?


Thanks for the self service password reset tool, first of all. It's very useful.

There was a slight privacy issue for our users, as you can look up a user's mobile number just by knowing the username. In some companies that's ok but not all.

I have adjusted the code slightly in my installation but I think it may be a useful feature for everyone.

Please excuse my poor coding...


In config.inc.php , I added a variable:

## SMS
# Use sms
$use_sms = true;
# GSM number attribute
$sms_attribute = "mobile";
# Partially hide number
$sms_partially_hide_number = true;


Then in sendsms.php , on line 234:

    <td><?php if ($sms_partially_hide_number) echo (substr_replace($sms, '****', 4 , 4)); else echo $sms;?></td></tr> 


so the phone number is displayed for the user to confirm, but not all of it.

Thanks for your help.


-- 
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ltb-project.org/pipermail/ltb-dev/attachments/20140215/9ad66cc1/attachment.htm>


More information about the ltb-dev mailing list