View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
07397 | Feature requests | Survey participants (Tokens) | public | 2010-03-16 05:22 | 2021-05-10 11:33 |
Reporter | Assigned To | c_schmitz | |||
Priority | normal | Severity | feature | ||
Status | closed | Resolution | won't fix | ||
Summary | 07397: Anonymous Survey not fool proof | ||||
Description | Having to create a anonymous survey that have to be done once by the user, I use the token management screen that you provide. Even if the survey is anonymous, the administrator can deduct wich candidate has completed the survey. First by having an email notification and looking into the token management screen to see wich one of the user has completed the survey. It's a scretch (if you have a lot of user), but it a risk. (for me at least) but a real treath for the fisrt user who respond to the survey... | ||||
Additional Information | A possible solution: Hide the completed field. A way to prevent this is to hide the completed field and have a reset button instead if you want to ask the user to do the survey again. That's in the token management screen. This condition could be only for anonymous survey. That way, i don't know who has completed the survey and now it's more anonymous. And been myself a little paranoid regarding security, I would encrypt the completed field in the lime_token table so a administrator with mySql skill could not see the result via PhPAdmin | ||||
Tags | No tags attached. | ||||
Bug heat | 4 | ||||
Story point estimate | |||||
Users affected % | |||||
Hiding is not a solution, because you have access to the DB . The only real solution is : don't update token table when user start or end a survey. |
|
Given enough criminal energy there is always a way. The anonymization is not foolprof towards the administrator but meant to be foolproof against someone who accidentally or willingly has insight to the result data at some point in the future. |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2014-02-27 14:59 | DenisChenu | Note Added: 28999 | |
2014-02-27 15:37 | c_schmitz | Note Added: 29006 | |
2016-12-08 10:39 | c_schmitz | Category | Tokens => Survey participants (Tokens) |
2021-05-10 11:33 | c_schmitz | Assigned To | => c_schmitz |
2021-05-10 11:33 | c_schmitz | Status | acknowledged => closed |
2021-05-10 11:33 | c_schmitz | Resolution | open => won't fix |