Student Senate Survey
This survey aims to gather student opinions on various aspects of RPI. It is online at https://surveys.union.rpi.edu.
All survey submissions are stored in a way that prevents a user from submitting multiple times, but does not link any specific user to a submission.
The user's ID is hashed, along with a pepper and the current survey version, and stored in a table upon submission. The survey answers are stored in a separate table without a link to the ID hash. The survey submissions are timestamped, but the hashes are not. Additionally, the submission and hash database table's primary keys are randomized and not related in any way to each other.
The benefit of this is that it is not possible to determine who has submitted a survey, let alone link a specific response with an individual.
A drawback is that it is impossible to edit or delete a specific survey response.
The following environment variables must be defined:
- SURVEY_ADMINS — Comma-separated list of RCS IDs that are permitted to
download submissions from
- SURVEY_PEPPER — Appended to user ID before hashing. This makes it more difficult to map user IDs to hashes. This must not change or it will be possible for people to retake the survey.
- DATABASE_URL — Database connection URL.
- SECRET_KEY — Used to sign session cookies.
- SURVEY_CLOSED – If set, disables the survey and returns the closed survey template.
First, ensure that the above environment variables are defined. Then:
pip install -r requirements.txt gunicorn app:app --reload
It is a good idea to do this inside of a virtual environment.
This survey can be pushed to Dokku or Heroku. It has been tested with SQLite and Postgres databases.