View Issue Details

IDProjectCategoryView StatusLast Update
0000476CATS.cacert.orgDatabasepublic2008-02-28 20:42
Reporterevaldo Assigned ToTed  
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionfixed 
PlatformDefaultOSany 
Product Versionproduction 
Fixed in Versionproduction 
Summary0000476: user_address table contains sensitive information and should be treated as such
DescriptionUser Addresses are not part of the testing process. That said, CAcert might choose to store critical/sensitive data on critical/sensitive servers, while leaving non-critical testing service running on non-critical server.

This would require modifications in both the main website system and on the CATS system to adapt the changes. The gains from such a move are substantial, in which CATS would not store any personal data, avoiding problems with privacy policies, data protection agencies, directives and laws, security breach of non-critical servers/services, and offshore data processing.

Just to remember about the possibly outsourced nature of CATS, CAcert would be immune to third-party DPA violations in such case.
TagsNo tags attached.

Relationships

related to 0000474 closedTed Privacy issues concerning user table 

Activities

Ted

2008-01-07 22:49

administrator   ~0000993

Code is modified not to store sensitive data. Please check https://secure.test1.cacert.at/training

Ted

2008-01-11 20:03

administrator   ~0000997

installed on CATS server

Issue History

Date Modified Username Field Change
2008-01-05 00:52 evaldo New Issue
2008-01-05 00:52 evaldo Status new => needs work
2008-01-05 00:52 evaldo Assigned To => Ted
2008-01-05 01:15 evaldo Relationship added related to 0000474
2008-01-07 22:49 Ted Note Added: 0000993
2008-01-07 22:49 Ted Status needs work => @30@
2008-01-11 20:03 Ted Status @30@ => solved?
2008-01-11 20:03 Ted Fixed in Version => production
2008-01-11 20:03 Ted Resolution open => fixed
2008-01-11 20:03 Ted Note Added: 0000997
2008-02-28 20:42 Ted Status solved? => closed