View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000474 | CATS.cacert.org | Database | public | 2008-01-04 23:55 | 2008-02-28 20:43 |
Reporter | evaldo | Assigned To | Ted | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Platform | Default | OS | any | OS Version | any |
Product Version | production | ||||
Fixed in Version | production | ||||
Summary | 0000474: Privacy issues concerning user table | ||||
Description | Fields user.CN_name and user.email are not required for operation of CATS. While it is good to have them when looking around the database, having a potential database with tens of thousands of users with email and name is a problem for CAcert, especially because CATS is declared a non-critical system (and I don't see a reason for it being declared otherwise). Having the fields there extends the audit work to CATS, and extends our database security and DPA concerns. Please remove such fields. Evaldo | ||||
Additional Information | CREATE TABLE `user` ( `user_id` varchar(10) collate latin1_general_ci NOT NULL default '0', `CN_name` varchar(100) collate latin1_general_ci NOT NULL default '', `lang` char(2) collate latin1_general_ci NOT NULL default '', `admin` enum('1','0') collate latin1_general_ci NOT NULL default '1', `email` varchar(100) collate latin1_general_ci NOT NULL default '', `sendCert` set('no','email','post') collate latin1_general_ci NOT NULL default 'no', `root` set('CA Cert Signing Authority','CAcert Class 3 Root') collate latin1_general_ci NOT NULL default '', PRIMARY KEY (`user_id`,`root`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci; | ||||
Tags | No tags attached. | ||||
|
CN_name and email are needed to create PDF and paper certificates. They are not needed if no certificate is requested. Proposed solution: The fields will only be filled if a PDF or paper certificate is requested. They will be emptied after processing of the certificate is completed. The user will be informed about this policy before requesting a certificate. A detailed privacy policy for CATS is pending. |
|
Please comment about proposed solution. |
|
Currently the table user_address fulfills that requirement, asking for the user's name and address, but even that one I am going to dispute in a new bug to come :) People responsible for fetching the results and processing the certificates should have access to the main database, fetching the required information from there instead of storing personal data in a non-critical system. Ideally, CATS should store ZERO personal data (of course, we store cert serial number). |
|
According to Evaldo this is a major but not a blocking issue (service need not be stopped immediately), so I modified the severity. |
|
installed on CATS server |
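
The policy proposed in the notes above (fill `CN_name` and `email` only while a PDF or paper certificate is requested, empty them afterwards) can be audited and enforced against the `user` table from this issue. The following is an added example, not CATS code: it assumes that `sendCert` other than `'no'` marks a pending request and is set back to `'no'` once the certificate is processed; the trigger names and the sample `user_id` are hypothetical.

```sql
-- Added example (MySQL), not part of CATS.
-- Assumption: sendCert <> 'no' means a PDF/paper certificate is pending,
-- and processing a certificate resets sendCert to 'no'.

-- 1. Audit: rows that still hold name or email with no request pending.
SELECT user_id, root
FROM `user`
WHERE (sendCert = 'no' OR sendCert = '')
  AND (CN_name <> '' OR email <> '');

-- 2. One-time clean-up of the rows found by the audit.
UPDATE `user`
SET CN_name = '', email = ''
WHERE (sendCert = 'no' OR sendCert = '')
  AND (CN_name <> '' OR email <> '');

-- 3. Enforcement: any write that leaves no request pending blanks the
--    personal fields, so application code cannot forget to do it.
DELIMITER //
CREATE TRIGGER user_minimise_ins BEFORE INSERT ON `user`  -- hypothetical name
FOR EACH ROW
BEGIN
  IF NEW.sendCert = 'no' OR NEW.sendCert = '' THEN
    SET NEW.CN_name = '', NEW.email = '';
  END IF;
END//

CREATE TRIGGER user_minimise_upd BEFORE UPDATE ON `user`  -- hypothetical name
FOR EACH ROW
BEGIN
  IF NEW.sendCert = 'no' OR NEW.sendCert = '' THEN
    SET NEW.CN_name = '', NEW.email = '';
  END IF;
END//
DELIMITER ;

-- 4. Marking a certificate as processed now also empties the fields.
--    'EXAMPLE01' is a constructed user_id.
UPDATE `user`
SET sendCert = 'no'
WHERE user_id = 'EXAMPLE01' AND root = 'CAcert Class 3 Root';
```

After step 3 is in place, the audit query in step 1 should return no rows; running it periodically gives a cheap check that the retention policy still holds.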
Date Modified | Username | Field | Change |
---|---|---|---|
2008-01-04 23:55 | evaldo | New Issue | |
2008-01-04 23:55 | evaldo | Status | new => needs work |
2008-01-04 23:55 | evaldo | Assigned To | => Ted |
2008-01-05 00:11 | Ted | Note Added: 0000983 | |
2008-01-05 00:12 | Ted | Note Added: 0000984 | |
2008-01-05 00:12 | Ted | Assigned To | Ted => evaldo |
2008-01-05 00:12 | Ted | Status | needs work => needs feedback |
2008-01-05 00:41 | evaldo | Note Added: 0000985 | |
2008-01-05 00:42 | evaldo | Status | needs feedback => needs work |
2008-01-05 00:42 | evaldo | Assigned To | evaldo => Ted |
2008-01-05 01:15 | evaldo | Relationship added | related to 0000476 |
2008-01-08 22:56 | Ted | Note Added: 0000994 | |
2008-01-08 22:56 | Ted | Severity | block => major |
2008-01-11 20:02 | Ted | Status | needs work => solved? |
2008-01-11 20:02 | Ted | Fixed in Version | => production |
2008-01-11 20:02 | Ted | Resolution | open => fixed |
2008-01-11 20:02 | Ted | Note Added: 0000996 | |
2008-02-28 20:43 | Ted | Status | solved? => closed |