Ways to Prevent Members Posting Sensitive / Confidential Information


(Alex Sherwood) #1

Are there any plugins / built in features that can be enabled to prevent users from posting sensitive / confidential information or for that information being displayed, once posted, in Discourse? For example, personal phone numbers or bank account number (information that has a standard format so 16 / 9 etc. numbers).

I have seen this post

but I’m looking for a solution that can be adopted while waiting for the feature to be implemented. I’m expecting members to post sensitive information in the meantime, without realising the implications.


(Jeff Atwood) #2

Can you provide specific examples? I know you said “phone numbers” or “bank account numbers” but what is the exact formatting?

This comes down to a blacklist feature such as what you would use for curse words and such.


(Alex Sherwood) #3

Some examples are a 16 digit number 0000 0000 0000 0000 (card number) & a 9 digit number 000-000-000 (from my card) or 000 (CSV). We’re in the UK so 00000 000000 or 000000 0000000 would cover telephone numbers. Obviously there would be variations (+ at the beginning of a telephone number, no spaces, no hyphens) and other examples. But essentially the feature just needs to identify that x numbers have been posted, regardless of which numbers.

Just to be clear, we wouldn’t want to remove user privileges if they post this information, this feature would be utilised for their protection and they might not realise that it’s not a good idea to post. But preventing the user from posting if the content of the post matched the rule or automatically changing the numbers to X’s for example would make it clear that it’s information they shouldn’t post.

Determined users will find a way to get around the rule by adding random characters of course but that can be addressed using flags, the purpose of this tool is to prevent users innocently posting this information.


(Alex Sherwood) #4

@codinghorror I can see that you’re very busy so I just thought I’d check that you didn’t miss my last reply, as it’s been a couple of days now & I sent it at the weekend…

Thanks


(Mittineague) #5

Have you crafted a regex that would match the patterns and no other?


(Alex Sherwood) #6

I’m completely new to Discourse so I’m not familiar with the tools at the moment. Would you mind showing me what the regex would look like for one of the examples I’ve posted?

Also, where would I create the regex and apply it?
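The digit-count matching described in post #3, and the kind of regex asked about in posts #5 and #6, sketched as an added Ruby example. It is not part of the thread and not Discourse's own code; the names `CANDIDATE`, `classify`, `sensitive_kinds` and `mask_sensitive`, and the mapping from digit counts to kinds, are assumptions.

```ruby
# Added example, not Discourse code. All names here are hypothetical.

# A candidate is a run of digits in which a single space or hyphen may sit
# between digits, optionally preceded by "+" (international phone prefix).
# The lookarounds stop a match from starting or ending inside a longer number.
CANDIDATE = /(?<![\d+])\+?\d(?:[ -]?\d)+(?!\d)/

# Digit counts taken from the formats listed in post #3 (assumed mapping):
#   16 -> card number, 9 -> nine-digit number, 10..13 -> phone number.
# A bare 3-digit security code is deliberately left out: matching every
# 3-digit number would also mask years, prices and counts.
KINDS = { 16 => :card_number, 9 => :nine_digit_number }.freeze
PHONE_DIGITS = (10..13)

# Classify one candidate by how many digits it holds, ignoring separators.
def classify(candidate)
  n = candidate.count("0-9")
  return KINDS[n] if KINDS.key?(n)
  return :phone_number if PHONE_DIGITS.cover?(n)
  nil
end

# Kinds of sensitive number found in the text, for a "reject the post" policy.
def sensitive_kinds(text)
  text.scan(CANDIDATE).map { |c| classify(c) }.compact.uniq
end

# Text with matching numbers masked as X, keeping "+" and separators so the
# member can still see what was hidden.
def mask_sensitive(text)
  text.gsub(CANDIDATE) { |c| classify(c) ? c.gsub(/\d/, "X") : c }
end

# Constructed sample post, using the placeholder formats from post #3.
if __FILE__ == $PROGRAM_NAME
  sample = "My card is 0000 0000 0000 0000, ref 000-000-000, ring 00000 000000."
  puts mask_sensitive(sample)
  p sensitive_kinds(sample)
end
```

Matching on digit count alone over-matches by design: any unrelated 9, 10 to 13, or 16 digit run is masked too, and, as post #3 notes, inserting other characters between the digits defeats it.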


(Jeff Atwood) #7

Did you wish to buy an enterprise or business hosting plan? That’s how we prioritize features: https://discourse.org/buy


(Alex Sherwood) #8

I asked for this feature to be switched on (assuming that it already existed) in Mondo’s Discourse community here. Then, when the community manager didn’t know of it, I followed up here.

So if you could please confirm that the feature that I’m requesting is one that could be developed, I’ll pass that on and ask Tristan (who currently looks after the community) to get in touch.


(Jeff Atwood) #9

Sorry, you didn’t show up as a customer here; we’ll need to double-check those code paths. I agree that extending the existing blacklist feature to regular expressions is something we should get to in 1.7.


(Alex Sherwood) #10

I’m a user of the Discourse community at Mondo, rather than a Mondo employee so your code paths might be ok 🙂

Ok great! Thanks.