Securedrop: We should not allow journalist username `deleted`

Created on 6 May 2020 · 8 Comments · Source: freedomofpress/securedrop

Because in https://github.com/freedomofpress/securedrop/pull/5178 we are now marking `deleted` as the name/uuid of any journalist account which is deleted from the system, we should not allow the term `deleted` as the journalist name (via the web interface). I think this will help in reducing confusion in future.

Release

All 8 comments

Good point, we should have a disallowed list of usernames and disallow the creation of new usernames with that. Of course there can be existing users that have this username, so we can keep that in mind for client development, but we can distinguish legitimate users with the username `deleted` from the case where the journalist was deleted by the fact that in the latter case the uuid will also be `deleted`. This'll involve a string change, so we can do it in 1.4.0.
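The two ideas above (a disallowed list checked on account creation, and telling a pre-existing legitimate user named `deleted` apart from a deleted journalist by whether the uuid field is also `deleted`) as an added example. This is illustrative code, not SecureDrop's own; the names `RESERVED_USERNAMES`, `validate_username`, `username_is_allowed` and `is_deleted_placeholder` are assumptions made here, and the record tuples in `classify_records` are constructed sample input.

```python
import re
import uuid

# Added example, not SecureDrop code. All names below are assumptions for
# illustration; the project's real validation lives elsewhere.

# Placeholder written into both the name and the uuid of a deleted journalist
# account, as described in the issue.
DELETED_PLACEHOLDER = "deleted"

# Usernames that may not be created through the web interface. Kept as a
# set so further reserved names can be added without touching the check.
RESERVED_USERNAMES = frozenset({DELETED_PLACEHOLDER})

MIN_USERNAME_LEN = 3  # assumed minimum length for a journalist username


class InvalidUsernameException(ValueError):
    """Raised when a requested username is not acceptable for a new account."""


def normalize_username(username: str) -> str:
    """Canonical form for the reserved-name comparison: trimmed, lower-cased,
    internal whitespace collapsed. Without this, ' Deleted ' would slip past
    a plain equality check and still render as 'deleted' in a client."""
    return re.sub(r"\s+", " ", username.strip()).lower()


def validate_username(username: str) -> str:
    """Return the username unchanged if it may be used for a NEW account,
    otherwise raise InvalidUsernameException. Existing accounts are not
    re-validated here, matching the comment above that legacy users named
    'deleted' may still exist."""
    if len(username.strip()) < MIN_USERNAME_LEN:
        raise InvalidUsernameException("username is too short")
    if normalize_username(username) in RESERVED_USERNAMES:
        raise InvalidUsernameException(
            f"{username!r} is reserved and cannot be used as a journalist username"
        )
    return username


def username_is_allowed(username: str) -> bool:
    """Boolean convenience wrapper around validate_username."""
    try:
        validate_username(username)
    except InvalidUsernameException:
        return False
    return True


def is_deleted_placeholder(username: str, user_uuid: str) -> bool:
    """True only for the deleted-journalist placeholder, where BOTH fields hold
    the literal 'deleted'. A legitimate legacy account named 'deleted' still
    carries a real uuid, so it is reported as a live user. A record that is
    neither a placeholder nor a parseable uuid is corrupt and raises."""
    if username == DELETED_PLACEHOLDER and user_uuid == DELETED_PLACEHOLDER:
        return True
    uuid.UUID(user_uuid)  # raises ValueError on a malformed uuid field
    return False


def classify_records(records):
    """Split (username, uuid) pairs into live accounts and deleted placeholders.
    Returns (live_usernames, deleted_count)."""
    live, deleted = [], 0
    for name, uid in records:
        if is_deleted_placeholder(name, uid):
            deleted += 1
        else:
            live.append(name)
    return live, deleted


if __name__ == "__main__":
    # Constructed sample records, not real SecureDrop data.
    sample = [
        ("alice", "123e4567-e89b-12d3-a456-426614174000"),
        ("deleted", "deleted"),                                # deleted journalist
        ("deleted", "9b2c6d8e-1f2a-4b3c-8d4e-5f6a7b8c9d0e"),  # legacy user named 'deleted'
    ]
    print(classify_records(sample))
    for candidate in ("bob", "deleted", " Deleted ", "deleted-2"):
        print(f"{candidate!r}: allowed={username_is_allowed(candidate)}")
```

The normalisation step is the part worth keeping in mind: a disallowed list compared by exact string match is easy to sidestep with case or surrounding whitespace, and the goal here is to prevent confusion in clients, not just to block one exact spelling.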

@kushaldas @redshiftzero I would like to work on this.

@prateekj117 Go for it! Please find us on https://gitter.im/freedomofpress/securedrop if we can help you get started on this -- you can also come join our standups Monday-Thursday at 4PM UTC here https://meet.google.com/ekb-kkhf-mrk (they're announced on Gitter).

@eloquence Sure.

@eloquence I am confused why SecureDrop doesn't use a deleted_at column strategy. This way, we also won't face issues like these.

Probably original design decisions like this were motivated by wanting to ensure a minimum amount of historical data on the system in case of theft/seizure. Having records of when accounts were added/deleted seems pretty innocuous, but you never know.

@zenmonkeykstop @redshiftzero Hmm, I agree. Though, why don't we just have a deleted column with a boolean value. This saves us from having extra information in database.

OK, it must be that way, because even after deletion a person can be personally identified if we keep a separate deleted bool column.
