View Issue Details

ID: 0000474
Project: CATS.cacert.org
Category: Database
View Status: public
Last Update: 2008-02-28 20:43
Reporter: evaldo
Assigned To: Ted
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Platform: Default
OS: any
Product Version: production
Fixed in Version: production
Summary: 0000474: Privacy issues concerning user table

Description:

Fields user.CN_name and user.email are not required for operation of CATS.

While it is good to have them when looking around the database, having a potential database with tens of thousands of users with email and name is a problem for CAcert, especially because CATS is declared a non-critical system (and I don't see a reason for it being declared otherwise).

Having the fields there extends the audit work to CATS, and extends our database security and DPA concerns.

Please remove such fields

Evaldo
Additional Information:

CREATE TABLE `user` (
  `user_id` varchar(10) collate latin1_general_ci NOT NULL default '0',
  `CN_name` varchar(100) collate latin1_general_ci NOT NULL default '',
  `lang` char(2) collate latin1_general_ci NOT NULL default '',
  `admin` enum('1','0') collate latin1_general_ci NOT NULL default '1',
  `email` varchar(100) collate latin1_general_ci NOT NULL default '',
  `sendCert` set('no','email','post') collate latin1_general_ci NOT NULL default 'no',
  `root` set('CA Cert Signing Authority','CAcert Class 3 Root') collate latin1_general_ci NOT NULL default '',
  PRIMARY KEY (`user_id`,`root`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci;
Tags: No tags attached.

Relationships

related to: 0000476 (closed, Ted) user_address table contains sensitive information and should be treated as such

Activities

Ted

2008-01-05 00:11

administrator   ~0000983

CN_name and email are needed to create PDF and paper certificates. They are not needed if no certificate is requested.

Proposed solution:
The fields will only be filled if a PDF or paper certificate is requested. They will be emptied after processing of the certificate is completed.

The user will be informed about this policy before requesting a certificate.

A detailed privacy policy for CATS is pending.
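
One way to apply the fill-on-request, empty-after-processing policy proposed above at the database level, as an added example that is not CATS code and not part of the original note. It assumes that sendCert = 'no' means no PDF or paper certificate is pending and that the processing job resets it; the trigger names and the sample user_id are hypothetical.

```sql
-- Added example for MySQL; not CATS code. Trigger names are hypothetical.
-- ASSUMPTION: sendCert = 'no' means no PDF or paper certificate is pending.

-- 1. Audit: rows that hold a name or e-mail address without a pending request.
SELECT user_id, root, sendCert
FROM `user`
WHERE sendCert = 'no'
  AND (CN_name <> '' OR email <> '');

-- 2. One-time cleanup of the rows the audit finds.
UPDATE `user`
SET CN_name = '', email = ''
WHERE sendCert = 'no'
  AND (CN_name <> '' OR email <> '');

-- 3. Purge after a certificate has been processed.
--    ASSUMPTION: the processing job runs this and resets sendCert to 'no'.
--    One statement, because MyISAM tables have no transactions.
--    '0000000001' is a constructed sample user_id; the root value is taken
--    from the schema's `root` set.
UPDATE `user`
SET CN_name = '', email = '', sendCert = 'no'
WHERE user_id = '0000000001' AND root = 'CAcert Class 3 Root';

-- 4. Enforce the rule in the database: personal fields are blanked whenever
--    a row is written without a pending certificate request.
DELIMITER //
CREATE TRIGGER user_minimise_insert BEFORE INSERT ON `user`
FOR EACH ROW
BEGIN
  IF NEW.sendCert = 'no' THEN
    SET NEW.CN_name = '', NEW.email = '';
  END IF;
END//
CREATE TRIGGER user_minimise_update BEFORE UPDATE ON `user`
FOR EACH ROW
BEGIN
  IF NEW.sendCert = 'no' THEN
    SET NEW.CN_name = '', NEW.email = '';
  END IF;
END//
DELIMITER ;
```

Running the audit query in step 1 on a schedule gives a simple check that the policy still holds: it should return no rows.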

Ted

2008-01-05 00:12

administrator   ~0000984

Please comment about proposed solution.

evaldo

2008-01-05 00:41

developer   ~0000985

Currently the table user_address fulfills that requirement, asking for the user's name and address, but even that one I am going to dispute in a new bug to come :)

People responsible for fetching the results and processing the certificates should have access to the main database, fetching the required information from there instead of storing personal data in a non-critical system. Ideally, CATS should store ZERO personal data (of course, we store cert serial number).

Ted

2008-01-08 22:56

administrator   ~0000994

According to Evaldo this is a major but not a blocking issue (service need not be stopped immediately), so I modified the severity.

Ted

2008-01-11 20:02

administrator   ~0000996

installed on CATS server

Issue History

Date Modified Username Field Change
2008-01-04 23:55 evaldo New Issue
2008-01-04 23:55 evaldo Status new => needs work
2008-01-04 23:55 evaldo Assigned To => Ted
2008-01-05 00:11 Ted Note Added: 0000983
2008-01-05 00:12 Ted Note Added: 0000984
2008-01-05 00:12 Ted Assigned To Ted => evaldo
2008-01-05 00:12 Ted Status needs work => needs feedback
2008-01-05 00:41 evaldo Note Added: 0000985
2008-01-05 00:42 evaldo Status needs feedback => needs work
2008-01-05 00:42 evaldo Assigned To evaldo => Ted
2008-01-05 01:15 evaldo Relationship added related to 0000476
2008-01-08 22:56 Ted Note Added: 0000994
2008-01-08 22:56 Ted Severity block => major
2008-01-11 20:02 Ted Status needs work => solved?
2008-01-11 20:02 Ted Fixed in Version => production
2008-01-11 20:02 Ted Resolution open => fixed
2008-01-11 20:02 Ted Note Added: 0000996
2008-02-28 20:43 Ted Status solved? => closed