Don't send sensitive data via e-mail

zalmanu / project-spartan

Project Spartan -- hire someone to carry out tasks for you.

GNU General Public License v3.0

6 stars 3 forks source link

Don't send sensitive data via e-mail #161

Closed zalmanu closed 8 years ago

zalmanu commented 8 years ago

Check the Spartan.activation_email

The e-mail should contain the minimum information that if leaked does not compromise the user. For the rest you should add a link which opens a page to the profile of the user. Something like:

You can review your complete account details here: <LongLinkToProfilePage>