0000476: user_address table contains sensitive information and should be treated as such

ID	Project	Category	View Status	Date Submitted	Last Update

0000476	CATS.cacert.org	Database	public	2008-01-05 00:52	2008-02-28 20:42

Reporter	evaldo	Assigned To	Ted
Priority	normal	Severity	major	Reproducibility	always
Status	closed	Resolution	fixed
Platform	Default	OS	any	OS Version	any
Product Version	production
Fixed in Version	production

Summary	0000476: user_address table contains sensitive information and should be treated as such
Description	User Addresses are not part of the testing process. That said, CAcert might choose to store critical/sensitive data on critical/sensitive servers, while leaving non-critical testing service running on non-critical server. This would require modifications in both the main website system and on the CATS system to adapt the changes. The gains from such a move are substantial, in which CATS would not store any personal data, avoiding problems with privacy policies, data protection agencies, directives and laws, security breach of non-critical servers/services, and offshore data processing. Just to remember about the possibly outsourced nature of CATS, CAcert would be immune to third-party DPA violations in such case.
Tags	No tags attached.

Date Modified	Username	Field	Change
2008-01-05 00:52	evaldo	New Issue
2008-01-05 00:52	evaldo	Status	new => needs work
2008-01-05 00:52	evaldo	Assigned To	=> Ted
2008-01-05 01:15	evaldo	Relationship added	related to 0000474
2008-01-07 22:49	Ted	Note Added: 0000993
2008-01-07 22:49	Ted	Status	needs work => @30@
2008-01-11 20:03	Ted	Status	@30@ => solved?
2008-01-11 20:03	Ted	Fixed in Version	=> production
2008-01-11 20:03	Ted	Resolution	open => fixed
2008-01-11 20:03	Ted	Note Added: 0000997
2008-02-28 20:42	Ted	Status	solved? => closed

Ted 2008-01-07 22:49 administrator ~0000993	Code is modified not to store sensitive data. Please check https://secure.test1.cacert.at/training

Ted 2008-01-11 20:03 administrator ~0000997	installed on CATS server