Our instance of Discourse uses SSO to allow users to sign in to our forum and we do not allow our users to change their email on the forum, this is all done on our main site.
With this being said, if an account is compromised and the compromiser decides to go onto our forum, they have full visibility of the user’s email address.
Could we have a feature that stars/censors out the user’s email address if enabled in settings but still allows admins to view emails?
@InceptionTime, emails are only visible to admins, and the user themselves. You’re seeing the email in the screenshot as that’s your user. Try viewing a different user.
So our issue right now is that if an account is compromised on our main website and the hacker decides to go onto our forum and log into the account they have hacked, they are able to see the victims email.
However, on our main site we censor the email for security reasons.
We want the ability to be able to censor the logged in user’s email on our Discourse forum too.