bug 1133709 - use '!' to blank password field #3234
+1 from Sheeri:
f8aa57f to 9e45743
Assigning @jezdez ...
email = CONCAT('user-', id, '@example.com'), | ||
first_name = ROUND(RAND()*1000000), | ||
last_name = ROUND(RAND()*1000000); | ||
|
||
UPDATE account_emailaddress SET | ||
email = CONCAT('user-', id, '@example.com'); |
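Review bot: In the `UPDATE account_emailaddress` statement, `CONCAT('user-', id, '@example.com')` is built from that table's own `id`, so the address it writes will generally differ from the one the statement above it writes from its `id`. If anything depends on the two email columns agreeing for a user, derive both from a shared value; otherwise add a comment saying the mismatch is intended. The `ROUND(RAND()*1000000)` values for `first_name` and `last_name` also change on every run, which is worth a one-line comment for whoever compares two scrubbed dumps.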
I think this shouldn't use the id of the account email address row but the user id the email address refers to, to continue to have some relation to the data in the auth_user table. So this should work:
UPDATE account_emailaddress SET email = CONCAT('user-', user_id, '@example.com');
I started with that, but then the records violate a unique constraint, since the same user_id can have multiple account_emailaddress records. E.g., for user ID 8, user@gmail.com and user@yahoo.com both become user-8@example.com, which violates a unique key constraint.
So I wasn't sure how else to anonymize the email address. 😐
The problem is that I'm not sure how allauth will react to the data integrity broken between the account_emailaddress and auth_user tables. If we'd use a simple hashing function on the full email address plus a random identifier that is the same for both update statements that should prevent rainbow table attacks since that secret is unknown. Something like:
UPDATE auth_user SET
-- username left alone, because it's public info
password = '!',
email = CONCAT(MD5(CONCAT(email, @common_hash_secret)), '@example.com'),
first_name = ROUND(RAND()*1000000),
last_name = ROUND(RAND()*1000000);
UPDATE account_emailaddress SET
email = CONCAT(MD5(CONCAT(email, @common_hash_secret)), '@example.com');
untested..
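The three schemes discussed in this thread, run against a constructed two-table database, as an added example that is not part of the PR or the project's script. It uses Python's sqlite3 instead of MySQL and HMAC-SHA256 in place of the suggested MD5-with-secret; the schema, the row ids 101/102 and the `pseudonym` function are assumptions.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Constructed schema and rows: user 8 owns two addresses, as in the thread.
SCHEMA = """
CREATE TABLE auth_user (id INTEGER PRIMARY KEY, email TEXT);
CREATE TABLE account_emailaddress (
    id INTEGER PRIMARY KEY, user_id INTEGER, email TEXT UNIQUE);
INSERT INTO auth_user VALUES (8, 'user@gmail.com');
INSERT INTO account_emailaddress VALUES
    (101, 8, 'user@gmail.com'), (102, 8, 'user@yahoo.com');
"""

# The three scrubbing expressions from the thread (fixed strings, not user input).
BY_ROW_ID = "'user-' || id || '@example.com'"
BY_USER_ID = "'user-' || user_id || '@example.com'"
KEYED_HASH = "pseudonym(email)"

def scrub(user_expr, addr_expr):
    """Run one scheme on a fresh in-memory database and report what happened."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    secret = secrets.token_bytes(32)  # one secret per run, shared by both UPDATEs

    def pseudonym(email):
        # HMAC-SHA256 used here in place of MD5(CONCAT(email, secret)).
        tag = hmac.new(secret, email.encode(), hashlib.sha256).hexdigest()
        return tag[:32] + "@example.com"

    db.create_function("pseudonym", 1, pseudonym)
    try:
        db.execute(f"UPDATE auth_user SET email = {user_expr}")
        db.execute(f"UPDATE account_emailaddress SET email = {addr_expr}")
    except sqlite3.IntegrityError:
        return "unique-violation"
    # Users whose auth_user.email no longer matches any of their address rows.
    orphans = db.execute(
        "SELECT COUNT(*) FROM auth_user u WHERE NOT EXISTS ("
        "SELECT 1 FROM account_emailaddress a "
        "WHERE a.user_id = u.id AND a.email = u.email)").fetchone()[0]
    return "relation-broken" if orphans else "ok"

if __name__ == "__main__":
    for name, u, a in [("row id", BY_ROW_ID, BY_ROW_ID),
                       ("user id", BY_ROW_ID, BY_USER_ID),
                       ("keyed hash", KEYED_HASH, KEYED_HASH)]:
        print(f"{name:10} -> {scrub(u, a)}")
```

Because the secret is generated inside each run and discarded, the pseudonyms stay consistent across both tables within one scrub but cannot be recomputed afterwards from a list of candidate addresses.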
I'll test it ...
rwc+
TRUNCATE and scrub allauth tables
9e45743 to 99d56ce
Updated and spot-checked locally. r? again.
LGTM
…3709 bug 1133709 - use '!' to blank password field
This makes it easier for DBA to run the anonymize script.