[ltb-dev] [LDAP Tool Box - Feature #659] (Closed) Partially hide mobile phone number, to prevent username to phone number lookups (privacy)
noreply at lsc-project.org
noreply at lsc-project.org
Tue Jun 23 17:23:58 CEST 2015
Issue #659 has been updated by Clément OUDOT.
Status changed from Assigned to Closed
% Done changed from 0 to 100
Done in r371.
Note that the mobile number is still in plain text in an hidden field.
----------------------------------------
Feature #659: Partially hide mobile phone number, to prevent username to phone number lookups (privacy)
http://tools.lsc-project.org/issues/659
Author: Stephan Hughson
Status: Closed
Priority: Normal
Assigned to: Clément OUDOT
Category: Self Service Password
Target version: self-service-password-0.9
Thanks for the self service password reset tool, first of all. It's very useful.
There was a slight privacy issue for our users, as you can look up a user's mobile number just by knowing the username. In some companies that's ok but not all.
I have adjusted the code slightly in my installation but I think it may be a useful feature for everyone.
Please excuse my poor coding...
In config.inc.php , I added a variable:
<pre>
## SMS
# Use sms
$use_sms = true;
# GSM number attribute
$sms_attribute = "mobile";
# Partially hide number
$sms_partially_hide_number = true;
</pre>
Then in sendsms.php , on line 234:
<pre>
<td><?php if ($sms_partially_hide_number) echo (substr_replace($sms, '****', 4 , 4)); else echo $sms;?></td></tr>
</pre>
so the phone number is displayed for the user to confirm, but not all of it.
Thanks for your help.
--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ltb-project.org/pipermail/ltb-dev/attachments/20150623/14f4eb1c/attachment.htm>
More information about the ltb-dev
mailing list