This is not urgent, but will come in handy for any clinical trials (Part 11 compliance)
@samirdas there might be a security concern with this one
@johnsaigle ?
@ridz1208 yes, I agree. This would give anyone who has access to the module access to all data including data that isn't supposed to be exposed on the frontend by design.
It could maybe be done using a whitelist approach. If we only allow some known safe information - e.g. which user changed the state of some flag - then we could populate only that data.
It would be tricky though (as the others mentioned) because the info in the history table is meant to be accessed only by developers with full system access on a server where LORIS is installed. If this information is now available to front-end application admins then a lot of potentially sensitive data could be included in a much more vulnerable context.
Our plaintext password issue arose from sensitive information in the history table. #4021
Good point. Let's discuss at the roadmap meeting, next week.
For the roadmap meeting -- what is stored in our History table doesn't satisfy compliance for clinical trials. @samirdas i can remind you later.
@driusan @ridz1208 @samirdas Was there any progress on this during the roadmap meeting?
no, it was not brought up.
It's tricky that is on the back-burner for now
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.