View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|14408||Feature requests||[All Projects] Security||public||2019-01-08 17:32||2019-08-27 11:03|
|Status||closed||Resolution||no change required|
|Target Version||Fixed in Version|
|Summary||14408: DSVGO - sending passwort in plain-text with an e-mail is no longer allowed|
If a user registers to continue the survey later, an e-mail will be sent to him. In this e-mail the user will find the password in plain text. You can also find the password in plain-text in the URL.
|Tags||No tags attached.|
|related to||14049||closed||c_schmitz||Feature requests||Don't send plain text passwords through mail|
|related to||15190||assigned||cdorin||Bug reports||Assigned administration user password is generated randomly, but not time-limited and user is not required to change it|
|related to||14621||new||Feature requests||Hardening PHP during installation|
Same for "Create admin user" => we must use "Single password system"
dont call it password ;-)
Else : in my opinion : must have a checkbox "Put complete link for reload" Y/N : N is better, but Y didn't update for other user.
My general global opinion : muts move whole register system to plugin/extension/module …
dont call it password seems a good solution :)
1.) Which section of the DSGVO / GDPR is forbidding passwords via E-Mail?
But even without DSGVO/GDPR sending passwords directly per E-Mail is not good practice.
For Save / Resume I would recommend to show a precreate "Surveykey, Accesskey" (plus QRCode) and allow people to choose to let it send to them via E-Mail. Their choice.
@adelphi_user, can you pinpoint the article in GDPR that stipulates that? I also know that it is not recommended, but still "acceptable".
Nevertheless, we are aware of the issue you describe and we will change it in the upcoming version; I hope :)
This issue is about sending the token key and participation link when a user registers for a survey. We all agree this is acceptable because the password is a single-use random password.
|2019-01-08 17:32||adelphi_user||New Issue|
|2019-01-09 11:54||DenisChenu||Note Added: 50131|
|2019-01-09 14:54||bismark||Note Added: 50135|
|2019-01-09 15:26||DenisChenu||Note Added: 50137|
|2019-01-10 15:11||LouisGac||Note Added: 50146|
|2019-03-12 15:11||DenisChenu||Relationship added||related to 14049|
|2019-03-12 15:35||DenisChenu||Relationship added||related to 14621|
|2019-03-13 12:02||jelo||Note Added: 50945|
|2019-03-13 12:16||DenisChenu||Note Added: 50947|
|2019-03-14 11:16||cdorin||Note Added: 50976|
|2019-08-27 10:45||DenisChenu||Relationship added||related to 15190|
|2019-08-27 10:48||c_schmitz||Relationship replaced||duplicate of 15190|
|2019-08-27 10:49||c_schmitz||Relationship deleted||15190|
|2019-08-27 11:03||c_schmitz||Assigned To||=> c_schmitz|
|2019-08-27 11:03||c_schmitz||Status||new => closed|
|2019-08-27 11:03||c_schmitz||Resolution||open => no change required|
|2019-08-27 11:03||c_schmitz||Note Added: 53281|
|2019-08-27 11:03||c_schmitz||Relationship added||related to 15190|