View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0000474||CATS.cacert.org||Database||public||2008-01-04 23:55||2008-02-28 20:43|
|Fixed in Version||production|
|Summary||0000474: Privacy issues concerning user table|
|Description||Fields user.CN_name and user.email are not required for operation of CATS.|
While it is good to have them when looking around the database, having a potential database with tens of thousands of users with email and name is a problem for CAcert, especially because CATS is declared a non-critical system (and I don't see a reason for it being declared otherwise).
Having the fields there extends the audit work to CATS, and extends our database security and DPA concerns.
Please remove such fields.
|Additional Information||CREATE TABLE `user` (|
`user_id` varchar(10) collate latin1_general_ci NOT NULL default '0',
`CN_name` varchar(100) collate latin1_general_ci NOT NULL default '',
`lang` char(2) collate latin1_general_ci NOT NULL default '',
`admin` enum('1','0') collate latin1_general_ci NOT NULL default '1',
`email` varchar(100) collate latin1_general_ci NOT NULL default '',
`sendCert` set('no','email','post') collate latin1_general_ci NOT NULL default 'no',
`root` set('CA Cert Signing Authority','CAcert Class 3 Root') collate latin1_general_ci NOT NULL default '',
PRIMARY KEY (`user_id`,`root`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci;
|Tags||No tags attached.|
CN_name and email are needed to create PDF and paper certificates. They are not needed if no certificate is requested.
The fields will only be filled if a PDF or paper certificate is requested. They will be emptied after processing of the certificate is completed.
The user will be informed about this policy before requesting a certificate.
||Please comment about proposed solution.|
Currently the table user_address fulfills that requirement, asking for the user's name and address, but even that one I am going to dispute in a new bug to come :)
People responsible for fetching the results and processing the certificates should have access to the main database, fetching the required information from there instead of storing personal data in a non-critical system. Ideally, CATS should store ZERO personal data (of course, we store cert serial number).
||According to Evaldo this is a major but non-blocking issue (service need not be stopped immediately), so I modified the severity.|
||installed on CATS server|
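
The retention rule proposed in the notes above (name and e-mail stored only while a PDF or paper certificate is pending, then emptied) can be modelled and audited as follows. This is an added example, not CATS code: it uses a simplified SQLite stand-in for the `user` table, the function names are hypothetical, and it assumes that `sendCert = 'no'` means no certificate is pending.

```python
import sqlite3

# Simplified SQLite stand-in for the `user` table in the report (assumption:
# MySQL enum/set columns are modelled as TEXT; `admin` and `lang` are omitted).
SCHEMA = """
CREATE TABLE user (
    user_id  TEXT NOT NULL DEFAULT '0',
    CN_name  TEXT NOT NULL DEFAULT '',
    email    TEXT NOT NULL DEFAULT '',
    sendCert TEXT NOT NULL DEFAULT 'no' CHECK (sendCert IN ('no','email','post')),
    root     TEXT NOT NULL DEFAULT '',
    PRIMARY KEY (user_id, root)
);
"""

def request_certificate(db, user_id, root, name, email, delivery):
    """Store name and e-mail only when a PDF/paper certificate is requested."""
    if delivery not in ("email", "post"):
        raise ValueError("personal data is stored only for a certificate request")
    db.execute(
        "UPDATE user SET CN_name = ?, email = ?, sendCert = ? "
        "WHERE user_id = ? AND root = ?",
        (name, email, delivery, user_id, root))

def complete_certificate(db, user_id, root):
    """Blank the personal fields once the certificate has been processed."""
    db.execute(
        "UPDATE user SET CN_name = '', email = '', sendCert = 'no' "
        "WHERE user_id = ? AND root = ?", (user_id, root))

def retention_violations(db):
    """Rows that hold name or e-mail although no certificate is pending."""
    rows = db.execute(
        "SELECT user_id, root FROM user "
        "WHERE sendCert = 'no' AND (CN_name <> '' OR email <> '') "
        "ORDER BY user_id")
    return rows.fetchall()

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed sample rows: 1001 is clean, 1002 is a leftover from before the policy.
    db.execute("INSERT INTO user (user_id, root) VALUES ('1001', 'CAcert Class 3 Root')")
    db.execute("INSERT INTO user VALUES "
               "('1002', 'Old Name', 'old@example.org', 'no', 'CAcert Class 3 Root')")
    request_certificate(db, "1001", "CAcert Class 3 Root",
                        "Test User", "test@example.org", "email")
    pending = retention_violations(db)  # the pending request on 1001 is not a violation
    complete_certificate(db, "1001", "CAcert Class 3 Root")
    complete_certificate(db, "1002", "CAcert Class 3 Root")
    return pending, retention_violations(db)
```

Running `retention_violations` periodically against the live table gives a direct check that the "emptied after processing" step is actually happening.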
|2008-01-04 23:55||evaldo||New Issue|
|2008-01-04 23:55||evaldo||Status||new => needs work|
|2008-01-04 23:55||evaldo||Assigned To||=> Ted|
|2008-01-05 00:11||Ted||Note Added: 0000983|
|2008-01-05 00:12||Ted||Note Added: 0000984|
|2008-01-05 00:12||Ted||Assigned To||Ted => evaldo|
|2008-01-05 00:12||Ted||Status||needs work => needs feedback|
|2008-01-05 00:41||evaldo||Note Added: 0000985|
|2008-01-05 00:42||evaldo||Status||needs feedback => needs work|
|2008-01-05 00:42||evaldo||Assigned To||evaldo => Ted|
|2008-01-05 01:15||evaldo||Relationship added||related to 0000476|
|2008-01-08 22:56||Ted||Note Added: 0000994|
|2008-01-08 22:56||Ted||Severity||block => major|
|2008-01-11 20:02||Ted||Status||needs work => solved?|
|2008-01-11 20:02||Ted||Fixed in Version||=> production|
|2008-01-11 20:02||Ted||Resolution||open => fixed|
|2008-01-11 20:02||Ted||Note Added: 0000996|
|2008-02-28 20:43||Ted||Status||solved? => closed|