OK. I have some difficulties deciding how an email address will be saved in a comment.
I want to add a subscription feature for comments and in order to let the website send a notification to an email address, I need to store it in plaintext. But that can be a risk if the database gets exposed to the public.
I can't think of any other solution for this, but before I move on, I want to know what you guys and gals are thinking about this. Do you have any better solution?
Please, tell me! 🙂
@edgren why does it need to be plaintext? But if it really does, skip email entirely and provide RSS feeds for comments maybe.
@IslandUsurper I don't want to store email addresses in plaintext, but I don't have any other solution for it 😕
Oh! Good idea with RSS for comments. Thank you!
@MindOfJoe Yes, I have 🙂
The problem was that I wanted to encrypt or hash the email addresses that people had in their comments. But at the same time, I wanted to let them subscribe to comments to get notified when an answer has been sent.
That would be difficult if I couldn't decrypt or de-hash the email addresses. First, the address was encrypted with the password of the comment. After a while, I changed to SHA-256.
@MindOfJoe According to GDPR, all email addresses are considered as personal data and should be stored encrypted in order to protect it from prying eyes.
Read more: https://gdpr.eu/email-encryption
Here in Sweden, email addresses like email@example.com are not classed as personal data, while firstname.lastname@example.org are classed as personal data.
No worries 🙂 You don't distract me, and you should be curious. Otherwise, you would not learn stuff 😊
@edgren do you mean like "to write a comment, please provide email, name and comment" as a means of account-less comments? (with comment and name being shown and email used for... Replies? I'm guessing)
Well depending on what tech stack you're using and if your target audience is developers, you might be able to use https://utteranc.es/
For a non developer blog, best you can do is not ask for email or make sure you're using best practices for the database and server security.
@edgren the rss feed for comments is a good idea, but imo is a bit of a lot of work.
Another idea is looking into web push notifications. Tho this will mean the user needs to 1. Have a modern browser (chromium or Firefox) and 2. Has to click yes to the pop-up
@edgren to clarify, rss feeds are a lot of work for the user who wants to consume it and is not the best UX.
@Metruzanca You mean it is a lot of work for the visitors to subscribe to the posts, comments, and/or tags?
@edgren yeah, posting a comment to the have to subscribe to a new feed per blog post they've commented on
@Metruzanca Good idea. Haven't thought about that solution. But since my visitors are not staying a long time on my blog (I assume), the chance of them getting a notification while on the website, are quite low.
If and when the visitors are staying much longer on my blog, I would consider adding your solution to it 🙂
@Metruzanca Thank you 🙂 But I have already ruled out email address from my blog 😊
I have my own comment system that I've built by myself 🙂 Please see https://fosstodon.org/@edgren/106646533632740562 to see the upcoming update. If you want to see how it looks like today, you can for an example go to https://blog.airikr.me/en/read:60b68ebdc4b24#comments
@Metruzanca I wouldn't use GitHub for my projects anymore, though, due to privacy invading features that Microsoft have added to GitHub (AI "poking" around in the source codes to check for errors and stuff). Plus, it's Microsoft. Nuff' said 😂
My blog are built to be as privacy friendly as it can possibly get. For an example, no third-party things allowed 😅
But thank you for the tips 😊 Much appreciated 🙂
Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.