Initial Reactions from Thomas & Will

[wibeasley]

@dgeller-OUHSC (cc: @thomasnwilson ) After our initial look at the code, we have a few reactions below. An larger question is does Campus Policy require consulting Randy and April, since this solution involves more than just REDCap. Let's remember to discuss this during our afternoon meeting.

1. The text that is being converted to audio comes from the item prompt, correct? And the prompts sometimes pipe information from previous responses, correct? In that case, could PHI ever be included in the text that is converted to audio? How are you ensuring this could not happen? If it must happen, the larger architecture probably has to pass through April & Randy for approval.

2. We're concerned that foundational REDCap source code is being altered. Let's talk about alternative solutions.

   Unfortunately, REDCap hasn’t made the TTS url a setting yet, so in order to get REDCap to use the service, 1 line needs to be changed in speak.php

   • Does this change break any links or something with the rest of the source code? Even if it doesn't in the current version, it will need to be checked for every future upgrade. A ramification is that this project would need to be tightly coupled with the REDCap admin during upgrades, or else your users will be denied (at best).
   • How could this affect other users and projects?

3. How can convertText be more thoroughly sanitized?

   BTW, we see the urlencode() function on the REDCap side (in speak.php).

[dgeller-OUHSC]

Hi Will.

Responses below:

1.  The text that is being converted to audio comes from the item prompt, correct? And the prompts sometimes pipe information from previous responses, correct? In that case, could PHI ever be included in the text that is converted to audio? How are you ensuring this could not happen? If it must happen, the larger architecture probably has to pass through April & Randy for approval.
   

Yes and yes. Redcap does not send the information if you’re piping from a value that is designated as an identifier, but otherwise the text values are piped right along. The onus would be on the survey designer to designate that. It’s worth noting, hosting the TTS locally on the Redcap server is actually more secure, as the information is not going across the internets to Vanderbilt and back (albeit over SSL).

1.  We're concerned that foundational REDCap source code is being altered. Let's talk about alternative solutions.
   

   Agreed, I think altering the source is a bad option. I tried to think of a few ways to bypass it, but the only ideas I could think of would require re-implementing the entire text-to-speech conversion stack. Let’s brainstorm.

Unfortunately, REDCap hasn’t made the TTS url a setting yet, so in order to get REDCap to use the service, 1 line needs to be changed in speak.php

 *   Does this change break any links or something with the rest of the source code? Even if it doesn't in the current version, it will need to be checked for every future upgrade. A ramification is that this project would need to be tightly coupled with the REDCap admin during upgrades, or else your users will be denied (at best).

I can’t think of a scenario where this would affect anything else, as $content is a binary store of the converted text audio. The only time this variable would come into play is when TTS is enabled and called. I share your other concerns, with the caveat that the worst scenario I can envision would only affect the binary content of an audio file on TTS-enabled surveys.

 *   How could this affect other users and projects?

The $content value is a global setting, so it will affect all surveys that enable TTS. I think we could implement a project specific implementation, but I’m not sure if this would be useful, as the current TTS implementation is basically broken.

1.  How can convertTexthttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_dgeller-2DOUHSC_winTTSService_blob_1226a3109ba006e0c1669ff9187ef53ed535e8c3_TTS-5FServiceLibrary_TTSService.cs-23L16&d=BQMFaQ&c=qRnFByZajCb3ogDwk-HidsbrxD-31vTsTBEIa6TCCEk&r=fkVZrk0SNfaulOI4T14QlybaZXaAUSRxLpjv_cW7VmM&m=pO6BYz1ly8UV1Q0x9tnFfS2vqAcRwkZsGLoyHqOH2kw&s=r3oN45C6yq7NwjNQIgMXhO5i4ggXhTmYhpnU-GLpyRM&e= be more thoroughly sanitized?
   

   Good point. I was relying on the sanitation being done by Redcap, but that’s a bad way to do it. At the least I could re-apply the existing redcap JavaScript sanitation.

BTW, we see the urlencode() function on the REDCap side (in speak.php).
I’m surprised this hasn’t cause problems already. I’m guessing Redcap’s text pre-processing is preventing it. I’ll add urldecode to the TTS side, nice catch.

From: Will Beasley [mailto:notifications@github.com]
Sent: Monday, February 15, 2016 10:27 AM
To: dgeller-OUHSC/winTTSService winTTSService@noreply.github.com
Cc: Geller, Daryl W (HSC) Daryl-Geller@ouhsc.edu
Subject: [winTTSService] Initial Reactions from Thomas & Will (#1)

@dgeller-OUHSChttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_dgeller-2DOUHSC&d=BQMFaQ&c=qRnFByZajCb3ogDwk-HidsbrxD-31vTsTBEIa6TCCEk&r=fkVZrk0SNfaulOI4T14QlybaZXaAUSRxLpjv_cW7VmM&m=pO6BYz1ly8UV1Q0x9tnFfS2vqAcRwkZsGLoyHqOH2kw&s=yRSODU0hWBp7fS4nFKTJa0Knk_-OBkryGFdRJDlxH1E&e= (cc: @thomasnwilsonhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_thomasnwilson&d=BQMFaQ&c=qRnFByZajCb3ogDwk-HidsbrxD-31vTsTBEIa6TCCEk&r=fkVZrk0SNfaulOI4T14QlybaZXaAUSRxLpjv_cW7VmM&m=pO6BYz1ly8UV1Q0x9tnFfS2vqAcRwkZsGLoyHqOH2kw&s=W4pn3mSUacZzlstB9y-f0j7fXItX9sMTQVbvzu1XjpM&e= ) After our initial look at the code, we have a few reactions below. An larger question is does Campus Policy require consulting Randy and April, since this solution involves more than just REDCap. Let's remember to discuss this during our afternoon meeting.

1.  The text that is being converted to audio comes from the item prompt, correct? And the prompts sometimes pipe information from previous responses, correct? In that case, could PHI ever be included in the text that is converted to audio? How are you ensuring this could not happen? If it must happen, the larger architecture probably has to pass through April & Randy for approval.
   

2.  We're concerned that foundational REDCap source code is being altered. Let's talk about alternative solutions.
   

Unfortunately, REDCap hasn’t made the TTS url a setting yet, so in order to get REDCap to use the service, 1 line needs to be changed in speak.php

 *   Does this change break any links or something with the rest of the source code? Even if it doesn't in the current version, it will need to be checked for every future upgrade. A ramification is that this project would need to be tightly coupled with the REDCap admin during upgrades, or else your users will be denied (at best).
 *   How could this affect other users and projects?

1.  How can convertTexthttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_dgeller-2DOUHSC_winTTSService_blob_1226a3109ba006e0c1669ff9187ef53ed535e8c3_TTS-5FServiceLibrary_TTSService.cs-23L16&d=BQMFaQ&c=qRnFByZajCb3ogDwk-HidsbrxD-31vTsTBEIa6TCCEk&r=fkVZrk0SNfaulOI4T14QlybaZXaAUSRxLpjv_cW7VmM&m=pO6BYz1ly8UV1Q0x9tnFfS2vqAcRwkZsGLoyHqOH2kw&s=r3oN45C6yq7NwjNQIgMXhO5i4ggXhTmYhpnU-GLpyRM&e= be more thoroughly sanitized?
   

BTW, we see the urlencode() function on the REDCap side (in speak.php).

—
Reply to this email directly or view it on GitHubhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_dgeller-2DOUHSC_winTTSService_issues_1&d=BQMFaQ&c=qRnFByZajCb3ogDwk-HidsbrxD-31vTsTBEIa6TCCEk&r=fkVZrk0SNfaulOI4T14QlybaZXaAUSRxLpjv_cW7VmM&m=pO6BYz1ly8UV1Q0x9tnFfS2vqAcRwkZsGLoyHqOH2kw&s=A1SokTTqbh2fKYu6yQkca0osMXcxNlmWsfpxC7Kj1nA&e=.