Tiki DB Redactor

 Disclaimer

Failing to understand what the limitations of this tool are and freely passing around community databases makes you a dickhead. One should never pass around databases except on a need-to-know basis, and in those cases this tool makes it easier to remove information that should never be passed around in any case.

Code

https://sourceforge.net/p/tikiwiki/code/HEAD/tree/trunk/lib/core/Tiki/Command/RedactDBCommand.php

Idea

Have a cool tool to pass databases around for debugging purposes without disclosing overly sensitive information, and to keep the debugging process from sending out watch emails, for example, to the "users" of the site when there is no real activity. Any emails that do get sent could also contain links to the testing site, which would confuse users further. Added benefit: db dumps for debugging are small. Some kind of Tiki DB Anonymiser.

Initial use case should be for *.tiki.org content, and later on, this can be improved so it's useful for any Tiki instance.

This should be done with the Tiki Console framework.

Problems

It's the worst idea ever, see for example: A Face Is Exposed for AOL Searcher No. 4417749 or Identifying People using Anonymous Social Networking Data.

As every need for redaction stems from another problem, it is impossible to create the perfect tool for all of them. We don't even know what we have to anonymise: Fitness tracking app Strava gives away location of secret US army bases.

If the users of a Tiki site do not agree with the passing around of the underlying database dump - whether the redactor is used or not - it is always a misappropriation of community members' data they entrusted to their service provider!

Use cases

  • Performance testing: devs need a real-world data set to see where the bottlenecks are
  • New feature development.

Things to redact

Basically everything that is not needed for the final use case. The usual suspects, whose removal promises to raise the cost of gathering information about individuals, are:

user data

  • credits and payments (tiki_payment_*, tiki_credits*, tiki_acct*) priority high
  • user names (users_users) priority medium; partly, some other tables still have them
  • email, password (users_users) priority high; partly, just as user names
  • user bookmarks (tiki_user_bookmarks_urls) priority low
  • user calendars (tiki_calendars, tiki_minical_events, tiki_minical_topics) priority low
  • user contacts (tiki_webmail_contacts) priority low
  • user files (tiki_files, tiki_file_drafts, tiki_images) priority low
  • user mail accounts (tiki_user_mail_accounts, tiki_mail_queue) priority high
  • user messages (messu_messages, messu_archive, messu_sent) priority high
  • user notes (tiki_user_notes) priority low
  • user tasks (tiki_user_tasks*) priority low
  • user watches (tiki_user_watches) priority high; emails redacted

session data

  • sessions priority high
  • tiki_cookies priority high
  • tiki_sessions priority high

tables containing ip addresses / email addresses

  • tiki_actionlog priority low
  • tiki_banners priority low
  • tiki_banning (ip addresses) priority low
  • tiki_invited (email) priority high
  • tiki_newsletter_subscriptions (email) priority high
  • tiki_sent_newsletter_errors (email) priority high
  • tiki_logs (username / ip matching) priority low
  • users_users (email) priority high

tables containing passwords

  • tiki_dsn (db passwords) priority high
  • tiki_mailin_accounts priority high

global tiki configuration data

  • google connection data (map api key, ...) priority high
  • intertiki config priority high
  • ldap connection data etc. priority high
  • login passcode if it's sent by admin only priority high (what's this?)
  • a variety of access tokens/api tokens for 3rd party apps. priority high
  • register passcode

other tables with general privacy problems on export

  • tiki_auth_tokens (auth-tokens, email addresses) priority high
  • tiki_connect ? priority medium
  • tiki_forum_reads (general privacy issue) priority low
  • tiki_history (mixed junk of old versions of public and private items of all kind) priority low
  • tiki_live_support_messages (may contain emails and passwords) priority low
  • tiki_live_support_requests (may contain emails and passwords) priority low
  • tiki_mail_events (email addresses) priority high
  • tiki_preferences priority low
  • tiki_referer_stats priority low
  • tiki_source_auth priority low
  • tiki_user_reports_cache ? priority low
  • tiki_webservice (may contain private urls and login data for webservices) priority high

strip tables to make the archive smaller

  • tiki_secdb priority low
  • tiki_history priority low
  • caches for urls etc. priority low

*.tiki.org specials

  • user data in trackers priority medium

more things

http://sourceforge.net/p/tikiwiki/code/47257

Comments:

  • emails: even better is to have an option to replace by test mails priority medium
  • objects: remove all wiki pages, blog posts, tracker items, files, etc. not visible to anonymous users (so keep data that could be crawled) priority low
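
A sketch of the redaction pass described in the lists above, including the "replace by test mails" option, followed by a scan for what the pass missed. This is an added example, not code from RedactDBCommand.php: the table names come from this page, while the columns, the sample rows and the function names are constructed for illustration and run against an in-memory SQLite database.

```python
import re
import sqlite3

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
SAFE = "@example.invalid"   # reserved TLD: mail sent there is never delivered
EMPTY = ["tiki_sessions", "messu_messages"]   # two of the priority-high tables

def build_sample_db():
    """Constructed miniature schema; only the table names come from the page."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users_users (userId INTEGER PRIMARY KEY, login TEXT, email TEXT, hash TEXT);
        CREATE TABLE tiki_user_watches (watchId INTEGER PRIMARY KEY, user TEXT, email TEXT);
        CREATE TABLE tiki_sessions (sesskey TEXT, user TEXT);
        CREATE TABLE messu_messages (msgId INTEGER PRIMARY KEY, user TEXT, body TEXT);
        CREATE TABLE tiki_history (historyId INTEGER PRIMARY KEY, user TEXT, comment TEXT);
        INSERT INTO users_users VALUES (1,'alice','alice@corp.test','h1'), (2,'bob','bob@corp.test','h2');
        INSERT INTO tiki_user_watches VALUES (1,'alice','alice@corp.test'), (2,'','guest@mail.test');
        INSERT INTO tiki_sessions VALUES ('k1','alice');
        INSERT INTO messu_messages VALUES (1,'bob','private message text');
        INSERT INTO tiki_history VALUES (1,'bob','fixed typo, mail bob@corp.test');
    """)
    return db

def redact(db):
    """Empty the session/message tables and give every user one stable alias."""
    for table in EMPTY:
        db.execute(f"DELETE FROM {table}")
    users = db.execute("SELECT userId, login FROM users_users").fetchall()
    for uid, login in users:
        alias = f"user{uid}"
        db.execute("UPDATE users_users SET login=?, email=?, hash='' WHERE userId=?", (alias, alias + SAFE, uid))
        db.execute("UPDATE tiki_user_watches SET user=? WHERE user=?", (alias, login))
    # Watches can hold addresses of people without an account, so replace them all.
    db.execute("UPDATE tiki_user_watches SET email = 'watch' || watchId || ?", (SAFE,))
    return {login for _, login in users}

def residual_leaks(db, logins):
    """Return (table, column) pairs still holding a real address or an original login."""
    leaks = set()
    for (table,) in db.execute("SELECT name FROM sqlite_master WHERE type='table'").fetchall():
        cur = db.execute(f"SELECT * FROM {table}")
        cols = [d[0] for d in cur.description]
        for row in cur:
            for col, cell in zip(cols, map(str, row)):
                real = [m for m in EMAIL_RE.findall(cell) if not m.endswith(SAFE)]
                if real or cell in logins:
                    leaks.add((table, col))
    return sorted(leaks)
```

On the sample data the scan still reports tiki_history, which the pass above does not touch: the "partly, some other tables still have them" situation noted in the user data list.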
