Apache Allura™ / Tickets / #4769 Better data scrubbing

#4769 Better data scrubbing

Milestone: unreleased

Status: open

Owner: nobody

Labels: sf-1 (616)

Component: General

Reviewer: nobody

Updated: 2015-04-04

Created: 2012-08-22

Creator: Dave Brondsema

Private: No

scripts/scrub-allura-data.py does not remove all sensitive data. We should drop these collections:

api_*
monq_task
oauth_*
oid_*
openid

And check for further collections that should be dropped too. Also consider our internal SF collections and if any need to be scrubbed as well.

The user collection should scrub all fields that aren't explicitly allowed (possible in a mongo query? perhaps copy partial docs to a new collection and rename). Specific examples we're currently missing: password field, and tool_data (for github import tokens).

Afterwards, https://trac.geek.net/trac/siteops/ticket/51121 can be unblocked

Discussion

Dave Brondsema - 2012-09-07

size: --> 1
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2012-11-02

Milestone: forge-nov-16 --> forge-backlog
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Description has changed:

Diff:

--- old
+++ new
@@ -8,4 +8,6 @@

 And check for further collections that should be dropped too.  Also consider our internal SF collections and if any need to be scrubbed as well.

+The user collection should scrub all fields that aren't explicitly allowed (possible in a mongo query? perhaps copy partial docs to a new collection and rename).   Specific examples we're currently missing: password field, and tool_data (for github import tokens).
+
 Afterwards, https://trac.geek.net/trac/siteops/ticket/51121 can be unblocked

Apache Allura™

Forge software for hosting software projects

Milestone

Searches

Help

#4769 Better data scrubbing

Discussion