MiniMagAsm CMS lets users post comments on any of the hosted articles.
The comment dialog has a required field for the user's e-mail address. This e-mail address will never be published. The system uses it only to generate a globally recognized user avatar through the online Gravatar system. This way, user avatars can be consistent across many web sites.
The information sent to the Gravatar site is not the e-mail address itself, but the MD5 hash of the e-mail string. As long as the reverse transformation is impossible, the user's e-mail address is safe.
Here is a small example of an avatar generated this way:
This image is generated using my e-mail address, johnfound at asm32 dot info.
The user is also free to use any arbitrary string instead, because the e-mail address is never checked for validity. In this case, it is desirable to use the same string across the whole site in order to generate consistent avatar images.
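The flow described above, sketched in Python as an added example; it is not code from feedback.asm. The function names and the address alice@example.org are constructed for illustration, and the trim-and-lowercase step follows Gravatar's documented convention, which feedback.cgi is only assumed to apply.

```python
import hashlib
import hmac
from urllib.parse import urlencode

GRAVATAR_BASE = "https://www.gravatar.com/avatar/"


def gravatar_hash(identity: str) -> str:
    """MD5 hex digest of the normalised identity string.

    Trimming and lowercasing is Gravatar's convention; that the CMS
    normalises the same way is an assumption of this example.
    """
    normalised = identity.strip().lower().encode("utf-8")
    return hashlib.md5(normalised, usedforsecurity=False).hexdigest()


def avatar_url(identity: str, size: int = 64, default: str = "identicon") -> str:
    """URL the reader's browser fetches; only the digest appears in it."""
    if not 1 <= size <= 2048:
        raise ValueError("Gravatar sizes range from 1 to 2048 pixels")
    query = urlencode({"s": size, "d": default})
    return f"{GRAVATAR_BASE}{gravatar_hash(identity)}?{query}"


def confirms(candidate: str, digest: str) -> bool:
    """True when `candidate` produces the published `digest`.

    The digest is deterministic and unsalted, so it is a stable
    identifier: someone who already holds an address can check it
    against a digest even though the digest cannot be inverted.
    """
    return hmac.compare_digest(gravatar_hash(candidate), digest.lower())


if __name__ == "__main__":
    # Constructed sample inputs: an e-mail address and an arbitrary string.
    for identity in ("Alice@Example.org ", "hello"):
        print(repr(identity), "->", avatar_url(identity))
    published = gravatar_hash("alice@example.org")
    print("same commenter:", confirms("ALICE@example.org", published))
```

Because the digest works as a stable identifier, a commenter who does not want comments on different sites linked to one address can enter a site-specific arbitrary string instead, as the text allows.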
The program that handles the user data in the comment posts is "feedback.cgi". Its source is in the file feedback.asm, accessible in the source repository. Everyone can always check what happens with the private data.
Last modified on: 11.04.2014 09:25:38