Juice-shop: Data subject contact form

Created on 1 Jun 2018  ·  14Comments  ·  Source: bkimminich/juice-shop

A new contact form should be added to retrieve and ask deletion for a users personal data stored by the Juice Shop.

This form should check for secret question and maybe some other (new) factor that makes it difficult - but not impossible - to forge for other users.


Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

challenge feature

All 14 comments

Seems interesting. Can I take this up?

Totally, yes! You could just start with the request form, and we can design a challenge into it afterwards? I was also thinking this would be a good place for the advanced CAPTCHA idea.

The advanced CAPTCHA? Not sure I follow :confused:
Sure, I will make the form. Really want to get into more Angular :smile:

In #784 having a better CAPTCHA than the math term to solve for feedback form was suggested. This could in fact be implemented on this data subject form, as Juice Shop support really wants to avoid spam here.

@bkimminich @J12934 what all data should be removed? The past orders and reviews?

@aaryan01 Please let me know if you are working on this. If not I can start. @bkimminich

@agrawalarpit14 I have started working on it. Just needed some clarification from @bkimminich .

Sure. Thanks!!✌🏻

@aaryan01, I can start to work on the user data removal part of this issue if you are not currently working on it, along with the relevant tests. I guess this way we can complete both the parts in parallel. @bkimminich

Sure, I'm currently working on export data.

Just to be clear, this feature does not delete anything. It is just meant to be a distinct contact form where users can ask for their personal data (which could just offer a link to "Data Export") or be deleted in accordance with GDPR. This could end up in the DB as a new table PrivacyRequests and have a free text column and a deletionRequested flag. Additional ideas are welcome.

@bkimminich, so should I keep the secret question as the authentication?
Apart from that, I plan to remove(hide) the same data that is exported in the data export feature. Is this implementation fine?

This thread has been automatically locked because it has not had recent activity after it was closed. :lock: Please open a new issue for regressions or related bugs.

This thread has been automatically locked because it has not had recent activity after it was closed. :lock: Please open a new issue for regressions or related bugs.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

bkimminich picture bkimminich  ·  42Comments

philly-vanilly picture philly-vanilly  ·  13Comments

cnotin picture cnotin  ·  10Comments

bkimminich picture bkimminich  ·  35Comments

thefishermanhacker picture thefishermanhacker  ·  13Comments