Page MenuHomePhabricator

Re-evaluate Limesurvey
Closed, DeclinedPublic

Description

Many years ago, https://www.limesurvey.org was blocked by ops as it accepted sql injections. The service seems to have developed a lot recently, and it would help us to get back to using our limesurvey account (for free!) if the situation now is safer.

Event Timeline

Moushira created this task.Aug 19 2015, 6:21 PM
Moushira raised the priority of this task from to Needs Triage.
Moushira updated the task description. (Show Details)
Moushira added a project: acl*sre-team.
Moushira added subscribers: Moushira, faidon.
Restricted Application added subscribers: Matanya, Aklapper. · View Herald TranscriptAug 19 2015, 6:21 PM
Moushira updated the task description. (Show Details)Aug 19 2015, 6:24 PM
Moushira set Security to None.
Dzahn added a subscriber: Dzahn.Aug 19 2015, 11:14 PM

Is it about installing LimeSurvey on our servers or about the option to have it hosted on 3rd party servers? There are both "Download" and "Hosting" links.

akosiaris triaged this task as Normal priority.Aug 27 2015, 10:38 AM
akosiaris added a subscriber: akosiaris.
egalvezwmf moved this task from Backlog to Survey Tools on the Surveys board.Aug 27 2015, 3:06 PM

Is anyone working on this? Thanks!

To clarify, are you saying you're asking if we can run this hosted on limeservice.org?

egalvezwmf added a comment.EditedAug 28 2015, 7:37 PM

I think @Moushira would be able to answer more clearly. But the goal here is; we want to have the option to use limesurvey because it is an open source survey software. We currently use Qualtrics and Google forms. Quick survey is being developed, but it only allows for 1 question and we will need complex skip patterns.

We've heard that Limesurvey was banned because of security issues, but the software seems to have changed in the last few years. Are you aware of any issues with using Limesurvey now? Can we use this service? (Do you know anyone who would know the history?) How can we get to use this service?

Thanks! Let me know if that is clearer. I'd be happy to expand on anything if further clarification is needed.

So the two uses (hosted ourselves vs hosted at another organization) have very different requirements.

If we're hosting this ourselves, then we need to do a security review of the codebase. It's almost 1M sloc's, which is honestly nearly impossible for me to schedule in right now (and it would take several week to do the review). And the very quick look I took at some samples were not encouraging. So I wouldn't recommend we go that route.

If you're hosting at another organization with a non-WMF domain, then we would want to do due diligence that as an organization we're comfortable with how they would protect our users privacy and the controls they have in place to protect it. After that, consult with legal on how you communicate to the users they will be governed by a different privacy policy before they link to the site. But other than that, no other security review.

I asked around and no one remembers who got the old version removed. Maybe @tstarling?

Thanks @csteipp for your help, and indeed, it was @tstarling who got the old version removed. So apparently we should host it on third party servers, what are the next steps needed, security wise, in order to go forward this solution? Thanks again.

Elitre added a subscriber: Elitre.Sep 8 2015, 4:12 PM
chasemp added a subscriber: chasemp.

removed ops since us hosting it seems off the table.

Hey @chasemp - can you offer some information about why hosting is off the table? Thanks!

egalvezwmf moved this task from Proposals to Backlog on the Surveys board.

Hi @chasemp just pinging you on my last question. We get requests from communities/affiliates about this, so we need to be able to clearly communicate why this is off the table.

Thanks!

chasemp removed chasemp as the assignee of this task.Feb 8 2016, 4:09 PM

I was reflecting the conclusions above me more than decision making.

Hey @chasemp - can you offer some information about why hosting is off the table? Thanks!


So the two uses (hosted ourselves vs hosted at another organization) have very different requirements.
If we're hosting this ourselves, then we need to do a security review of the codebase. It's almost 1M sloc's, which is honestly nearly impossible for me to schedule in right now (and it would take several week to do the review). And the very quick look I took at some samples were not encouraging. So I wouldn't recommend we go that route.
If you're hosting at another organization with a non-WMF domain, then we would want to do due diligence that as an organization we're comfortable with how they would protect our users privacy and the controls they have in place to protect it. After that, consult with legal on how you communicate to the users they will be governed by a different privacy policy before they link to the site. But other than that, no other security review.
I asked around and no one remembers who got the old version removed. Maybe @tstarling?

Thanks @csteipp for your help, and indeed, it was @tstarling who got the old version removed. So apparently we should host it on third party servers, what are the next steps needed, security wise, in order to go forward this solution? Thanks again.

Thanks @chasemp for pasting that - I missed that somehow in the previous conversation.

I want to keep this task open for now and in the backlog on the Surveys board assigned to me; I'd like to keep this on the backburner if/when we may have time to better integrate it into WMF work. We are using Qualtrics right now which is not open source and I know there is a keen interest inside and outside the WMF to move to open source if we are able to. Thanks!

Dzahn removed a subscriber: Dzahn.Feb 16 2016, 7:03 PM

Can someone clarify who should do the "due diligence that as an organization we're comfortable with how they would protect our users privacy and the controls they have in place to protect it"? Clearly a subtask needs to be written and assigned to this person, just so that it is super obvious what the next step is, regardless of when it can happen. Thanks.

Hi @Elitre ! That would be the security team, I just don't expect this is high on their priority or ours at this time, but it is definitely on my radar for the long-term. The security review might be just one part. I think we also need to think about managing the account and examining at how the software will work for our needs. @dpatrick - anything you can say from the security side? When might you have bandwidth to help with reviewing this software for Foundation use? Thanks!

If someone wants a security review from the Security-Team (=not a single person), please follow https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Security_reviews#Requesting_a_review by creating a dedicated subtask of this very task under the Security-Team-Reviews project. Thanks!

Thanks @Aklapper ! Perhaps a few of us can start to explore the software as a potential solution before we do the security review. I may have time to start this next quarter. @Elitre - would you like to be involved with this? Anyone else I should ask to help? Thanks!

Elitre added a comment.Jun 5 2017, 6:41 PM

Please define involvement :) Putting it on my team's radar for the moment. Really glad to hear it's actually getting tabled.

Pcoombe added a subscriber: Pcoombe.Jan 4 2018, 2:42 PM

So to clarify - There is still interest in using lime survey, right (The third party site, not the software package)? And the question that you want answered, is what sort of security related language should be included in a potential contract with limesurvey.org ?

I'd start with asking what would be our use case of using Linesurvey in 2018.
This task lacks a desc of a problem that might get solved by Limesurvey (or not)...

So to clarify - There is still interest in using lime survey, right (The third party site, not the software package)? And the question that you want answered, is what sort of security related language should be included in a potential contract with limesurvey.org ?

The interest is, AFAIK, in using a free tool vs a proprietary one, since security was given as a reason to adopt the latter, for which we're paying a license (which I understand also covers community's usage of the tool).
The use cases would be the same for which we're currently using Qualtrics, which powers most of the largest consultations we run as an org.

Reedy changed the task status from Open to Stalled.Sep 11 2018, 7:39 PM
Reedy edited projects, added Security; removed Security-Team-Reviews.
Reedy removed subscribers: dpatrick, Moushira.
Reedy added a subscriber: Reedy.Sep 11 2018, 7:41 PM

Re-tagging.

If it's decided that "we" (Wikimedia) actually want to use it, then a review should task should be created per the standard guidelines.

This task is kinda vague, suggesting it needs to be hosted on 3rd party servers, I don't think we're going to be doing that going forward.

Is it actually wanted? Has it been explored, deemed fit for purpose (in terms of works for our use cases etc)

Dzahn added a subscriber: Dzahn.Sep 11 2018, 7:45 PM
Aklapper removed egalvezwmf as the assignee of this task.Feb 18 2019, 1:17 AM

https://meta.wikimedia.org/wiki/Surveys implies that Qualtrics is currently used.

Proposing to decline this task as I see noone driving a comparison (or questioning Qualtrics?).

Resetting assignee as the account @egalvezwmf is not active anymore.

Aklapper closed this task as Declined.Mar 11 2019, 11:22 AM