
Follow on security asks {tick} [3 pts]
Closed, Resolved · Public


The meeting with Chris Steipp pointed out 2 scenarios that are potentially sensitive:

  1. A user mistakenly writes sensitive information into a textual field such as username, article title, image title, summary, etc. This information can be deleted from the wiki databases at the user's request. But it would stay persisted in the EL database if not purged correctly.
  2. A user performs an anonymous edit by mistake. They do not want their IP to be stored, and ask WMF to remove the edit registry from the wiki databases. But again, it would stay stored in the EL database if not correctly purged.

So, we should auto-purge all fields that can store information like that.

Event Timeline

mforns created this task. (Aug 18 2015, 3:59 PM)
mforns claimed this task.
mforns raised the priority of this task from to Needs Triage.
mforns updated the task description.
mforns added a project: Analytics-Kanban.
mforns added a subscriber: mforns.
Restricted Application added a subscriber: Aklapper. (Aug 18 2015, 3:59 PM)
mforns moved this task from Next Up to In Progress on the Analytics-Kanban board. (Aug 18 2015, 3:59 PM)
mforns moved this task from In Progress to Paused on the Analytics-Kanban board. (Aug 18 2015, 9:42 PM)
mforns moved this task from Paused to Done on the Analytics-Kanban board. (Sep 11 2015, 2:42 PM)

After discussion with Chris Steipp and other schema owners, we've come to the consensus that for these kinds of sensitive structures (see scenarios explained in task description):

  • We'll not auto-purge those fields unless they also present privacy issues of another kind.
  • We'll mark their schemas as "containing user-inputted textual data" in the schema talk page.
  • We'll add/update the necessary documentation to ensure that no one publishes datasets containing these textual fields.
mforns renamed this task from Follow on security asks {tick} to Follow on security asks {tick} [3 pts]. (Sep 11 2015, 3:39 PM)
mforns set Security to None.
kevinator closed this task as Resolved. (Sep 15 2015, 3:28 PM)
kevinator added a subscriber: kevinator.