Strip personally identifiable information from user table for unauthorized users.

- add a config option to explicitly enumerate pii fields beyond email
- in query controller, strip pii of user table results before sending out the door.
Arthur Cinader
2016-12-01 17:04:09 -08:00
committed by Florent Vilmart
parent a270632570
commit 01b05b060f
6 changed files with 546 additions and 14 deletions


@@ -31,5 +31,6 @@ export default {
sessionLength: 31536000,
expireInactiveSessions: true,
revokeSessionOnPasswordReset: true,
schemaCacheTTL: 5000 // in ms
schemaCacheTTL: 5000, // in ms
userSensitiveFields: ['email']
}
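Review bot: The new `userSensitiveFields: ['email']` default at the end of the object has no comment, and nothing in this hunk shows whether a configured list replaces the default or is merged with it. The commit description says the option enumerates PII fields "beyond email", so if the default is simply overridden, a deployment that sets it to `['phone']` (a constructed example) would stop stripping email; this should be confirmed in the code that reads the option, which is outside this hunk. I would at least document the intent on the line, e.g. `userSensitiveFields: ['email'] // fields stripped from user table results for unauthorized callers; configured values are meant to extend this list`. The `export default {` object starts before the hunk.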