
GDPR Considerations #71

Open
bobbingwide opened this issue May 19, 2018 · 7 comments

Comments


@bobbingwide bobbingwide commented May 19, 2018

Most of Oik-bwtrace is not intended for use in a production website. Its primary purpose is to assist problem determination performed by system administrators.
If the Daily Trace Summary report is enabled then the generated files can expose personally identifiable data, i.e. IP addresses.
If tracing is activated then the logs can expose even more detail.
This information could be misused.

Requirement

  • Protect sensitive data from viewing by non-authorised users.
  • Support WordPress Multisite - subdirectory installs and sub domain installs.
  • Do not perform any tracing if the target of the trace output is not explicitly stated.
  • Provide tools to delete files when no longer required.

Proposed solution

  • Require a Trace files directory option field to be specified.
  • This directory should be protected from viewing using the browser.
  • No tracing will be performed when this directory name is not set.
  • Automatically detect whether or not the folder is outside document root.
  • Support a variety of mechanisms to determine and validate the Fully Qualified trace files directory from the given path.
  • Allow for tracing from WordPress startup.

@bobbingwide bobbingwide commented May 22, 2018

In order to support the deletion of files when no longer required there'll be a Retention period field and a Purge trace files button.

These fields will be in a separate meta box from the Trace options.


@bobbingwide bobbingwide commented May 23, 2018

Alpha test results from cwiccer.com

Problems noticed when packing and testing oik-bwtrace v3.0.0-alpha-20180523

  1. Daily trace summary files being written unexpectedly, probably by the zip routine.
    The Trace files directory should be validated before any trace files can be written.
    Trace files should not be written to the current directory

  2. On a Linux server the message about which folders to avoid included duplicates.

Please specify a Trace files directory. 
Preferably use a directory that's not accessible from the browser. 
Avoid using these folders or subdirectories of them: 
/home/cwiccer/public_html, 
/home/cwiccer/public_html/

Note the trailing slash on the second folder name.

  3. Purging files from /home/cwiccer/public_html produced messages:
Warning: unlink(/home/cwiccer/public_html/cgi-bin): 
Is a directory in /home/cwiccer/public_html/wp-content/plugins/oik-bwtrace/includes/class-trace-logs.php on line 330

It would appear that the glob() routine lists files it shouldn't. Purging should not be performed when the file name is not set.

  4. Trace files produced when Trace files directory is not specified but Trace generation limit is set.

@bobbingwide bobbingwide commented May 25, 2018

Further problems with v3.0.0-alpha-20180524

  • Errors in the PHP error log.
[25-May-2018 06:36:56 UTC] PHP Fatal error:  Uncaught Error: Call to undefined function bw_trace_status_report() in /home/cookie/public_html/wp-content/plugins/oik-bwtrace/admin/class-oik-trace-summary.php:208
Stack trace:
#0 /home/cookie/public_html/wp-content/plugins/oik-bwtrace/admin/class-oik-trace-summary.php(111): OIK_trace_summary->populate_vt_values()
#1 /home/cookie/public_html/wp-includes/class-wp-hook.php(286): OIK_trace_summary->record_vt('')
#2 /home/cookie/public_html/wp-includes/class-wp-hook.php(310): WP_Hook->apply_filters(NULL, Array)
#3 /home/cookie/public_html/wp-includes/plugin.php(453): WP_Hook->do_action(Array)
#4 /home/cookie/public_html/wp-includes/load.php(679): do_action('shutdown')
#5 [internal function]: shutdown_action_hook()
#6 {main}
  thrown in /home/cookie/public_html/wp-content/plugins/oik-bwtrace/admin/class-oik-trace-summary.php on line 208

The problem appeared to be related to the value of the trace actions setting Trace 'shutdown' status report.


@bobbingwide bobbingwide commented Sep 6, 2018

The trace files directory needs to be trimmed; otherwise, with a leading space, it will appear to be invalid. Even though the directory may be created, files will not be written.
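The directory validation and retention purge that the proposed solution, the alpha test results and the trimming comment above call for, sketched here as an added PHP example rather than the plugin's own code. The list of web roots, the glob pattern and the helper names are assumptions; it trims the setting, refuses anything inside a browsable root without listing the same root twice, and only unlinks regular files.

```php
<?php
// Hypothetical helpers, not oik-bwtrace code. Web roots are passed in
// (e.g. ABSPATH and $_SERVER['DOCUMENT_ROOT']) rather than read globally.

/**
 * Validate a trace files directory. Returns the canonical path, or null
 * (with a reason) when tracing must stay disabled.
 */
function validate_trace_dir( $dir, array $web_roots, &$reason = '' ) {
    $dir = trim( (string) $dir );   // a leading space made a valid path look invalid
    if ( '' === $dir ) {
        $reason = 'Trace files directory not set; no tracing performed.';
        return null;
    }
    $real = realpath( $dir );
    if ( false === $real || ! is_dir( $real ) ) {
        $reason = 'Trace files directory does not exist.';
        return null;
    }
    // Canonicalise roots (trailing slash dropped, symlinks resolved) so the
    // "avoid these folders" list never contains /a/b and /a/b/ as duplicates.
    $roots = array();
    foreach ( $web_roots as $root ) {
        $r = realpath( rtrim( $root, '/\\' ) );
        if ( false !== $r ) {
            $roots[ $r ] = true;
        }
    }
    foreach ( array_keys( $roots ) as $root ) {
        // The appended '/' stops /public_html_old matching /public_html.
        if ( 0 === strpos( $real . '/', $root . '/' ) ) {
            $reason = 'Directory is accessible from the browser: inside ' . $root;
            return null;
        }
    }
    return $real;
}

/**
 * Delete trace files older than the retention period. Requires a validated
 * directory and a file name pattern; directories returned by glob() are skipped.
 */
function purge_trace_files( $dir, $pattern, $retention_days ) {
    if ( null === $dir || '' === trim( (string) $pattern ) ) {
        return 0;   // never purge the current directory or without a file name
    }
    $cutoff  = time() - (int) $retention_days * 86400;
    $deleted = 0;
    foreach ( glob( $dir . '/' . $pattern ) ?: array() as $path ) {
        if ( is_file( $path ) && filemtime( $path ) < $cutoff && unlink( $path ) ) {
            $deleted++;
        }
    }
    return $deleted;
}
```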


@bobbingwide bobbingwide commented Oct 9, 2018

In the daily trace summary it appears that the remote IP address is recorded incorrectly, as if it’s been overwritten since the start of the transaction. Needs checking.


@bobbingwide bobbingwide commented Apr 11, 2019

Other requirements:

  • Remove the ability to enable or disable tracing using shortcodes; delete [bwtron] and [bwtroff]
  • Reflect the reduced functionality of the [bwtrace] shortcode in the admin page
    • Update Notes about oik trace
    • Remove Trace options and reset button

@bobbingwide bobbingwide commented Nov 29, 2019

I reckon it's nearly time to close this issue. But first, I want to add an extra button to allow daily trace summary files to be purged separately from the other trace files.
