Currently : when we export : we export decrypted,

We don't offer (on 4.4 lats time i look) a way to export crypted.

If we offer to export crypted : we need a real key management

This is not for export/import, but for active/deactive survey, and to remember which questions was encrypted. You can change encryption settings between survey activation. It's a bit messy, indeed.

You can change encryption settings between survey activation.

Argl …

« You can change encryption settings at all time» :D

« You can change encryption settings at all time» :D

No no, only when survey is not activated.

Column for sid would be nice. I also vote for a user_id (I just know that I will want to know that at some time or other (customer messes up entire survey, we can see exactly when it happened and who did it)).

tblname - Can we do tbl_name or table_name? We use underscore in the database generally.

tblname : why not only extraname part (the datetime) ? and add sid ?

Unsure about time (and currently not crypted) but 'lime_old_survey_'.$object->sid.'_'$object->extra and 'lime_old_token_'.$object->sid.'_'$object->extra

Then table name are always 'lime_old_'.$object->type.'_'.$object->sid.'_'object->extra or 'lime_old_'.$object->type.'_'.$object->sid.'_'object->whendatetime

When an archived table is deleted the entry should be removed from this table and not kept around - it is not a log

And when survey is deleted too (this one is most easy)

NB: Who should have permission to deactive survey, disable encryption, then activate survey and importing old response table, now saved as clear text?

Updated table schema and details

@shnoulle: No, don't delete archived tables on survey deletion. I might want to load the data into a new copy with the same survey id.

I might want to load the data into a new copy with the same survey id.

We don't delete it currently ?

If not : maybe we need an option ?

Restoration of/access to an archived table should only be allowed for superadmins and user_id

Oh, you broke previous system ? Currently : any admin with response (update/create?) can reload archived table (of current survey).

Oh, you broke previous system ? Currently : any admin with response (update/create?) can reload archived table (of current survey).

Not breaking, more like fixing. If a survey is deleted and I create a survey with the same response ID I could probably access the data from the old response table, even if that data does not belong to me.

If not : maybe we need an option ?

We certainly do - but not right now.

Not breaking, more like fixing. If a survey is deleted and I create a survey with the same response ID

Ok, currently only VV is available.

I could probably access the data from the old response table, even if that data does not belong to me.

I really think it's hard since gid and qid are updated … how do you know this qid is the same than this other qid ?