How to avoid the theft of personal data, and content in development process by Nikitin Yevgeniy
Data - is value!
✘ personal user’s information (email, phone number, address...).✘ information about purchases.✘ paid content.✘ correspondence of users (can contain personal data).✘ transactions of payment systems.
Agency
Subcontractor
Subcontractor
People involved in a project
PMTL
DEV DEV DEV QA
DEV DEV QA
DEV DEV FREELANCER
ADMIN
FREELANCER
Ways not to use live content in a development
Using “Dummy content”+ It can be used in QA process.+ Data is used during development
and support.+ Using “migrate”, “feeds”,
“features” modules.- Not all bugs can be reproduced.- Difficult to manage in long
support.
Clean db from critical data- complicated structure of entity
storage.- db might be too big.- Difficult to manage in long
support.+ Copy of live db is used.+ Get rid of issues related with
“feeds”, “migrate”, “features”.
Modules and tables that can
contain confidential data
✘ user (users)✘ comment (comment)✘ dblog (watchdog)✘ webform (webform_submitted_data)✘ maillog (maillog)✘ address field✘ commerce✘ payment✘ cache_* tables✘ ....
Tools for cleaning database
✘ custom SQL script - difficult to create and support, but it works.
✘ drush sql-sanitize - by default clean mail and password in user table. Expanding by hook_drush_sql_sync_sanitize().
✘ DB Sanitizer
DB Sanitizer
1. Supports configurations.2. Management of tables and entities separately.3. Checks whether new tables or entities was added.4. Handles entity revisions.5. Drush support for creating sql script file.
Helps to create sql script for cleaning database
Links
https://docs.acquia.com/articles/scrubbing-drupal-database-environment - Scrubbing a Drupal database environment
https://www.drupal.org/sandbox/sinn/2552477 - DB Sanitizer
contact me!
Nikitin Yevgeniywww.linkedin.com/in/nikitinevgeny
skype: yenyasinn