- π©πͺGermany TipiT Hamburg
I would say that this is a high priority issue, because this module is the only one that supports encrypting field values in Drupal. Additionally there is no module that supports encrypting usernames.
Because "Username" is considered PII (personal identifiable information) and should be always kept encrypted. There are a lot of companies using Drupal that are under GDPR, HIPAA or storing information as a part of a medical device. Does this means Drupal is not a option for them, because there is no solution to encrypt the "Username"?
- πΊπΈUnited States damondt
@TipiT It's possible to encrypt usernames, the default username field could be autofilled and hidden and optionally an encrypted psudo-username field added. This patch just gets it to work on the default username field. And I don't think GDPR applies here, my understanding is that only requires consent for data storage as opposed to encryption.
- π©πͺGermany TipiT Hamburg
@damondt I would argue that's a hack, at least a workaround, not the same as encrypting the username field. Actually that is already what we do for security reasons, but like already said, it's not exactly the same thing, because login etc. gets more complicated.
I think you are right about the GDPR, but as a good guidance, any PII should be stored encrypted.
- π²π½Mexico jaimeah
I am seeing an issue with this patch: while this does encrypt the username, it does not allow you to login back again: the unencrypted value becomes unavailable.
- π«π·France Uroki
Hello,
I quickly modified the patch to work with the 3.2.X branch. The validation.constraint service is call staticaly in it.
If a got the time i will make a proper Merge Request.