Closed bidi47 closed 3 years ago
This is a feature, not a bug :-)
I think what @bidi47 is trying to say is that @dotkernel.com
is not desired in a production or staging environment.
This can possibly be safe in case of data leaks.
$user->setEmail('anonymous' . date('dmYHis') . '@anonymous.local');
It is a feature because I have catch -all for dotkernel.com. That way i can say if a newsletter or something is sent to an already deleted account, or if an already deleted and anonimized user is trying to login. Is a simple security measure , and once is installed in production, when you are changing the dotkernel branding from source code, the developer can change that to a catch-all domain. Catch-all is the key here
in UserService.php there is this line 173 $user->setEmail('anonymous' . date('dmYHis') . '@dotkernel.com');
do we want our domain hardcoded in the anonymization feature?