Welcome, Guest
Username: Password: Remember me

TOPIC: security issues

security issues 3 years 7 months ago #53345

  • chupanibre
  • chupanibre's Avatar
  • OFFLINE
  • Junior Lime
  • Posts: 29
  • Karma: 0
Dear Community

I am new with limesurvey, and I have a couple of questions regarding storage of data with limesurvey. I searched the Wiki but was not able to find more informations about this.
I am planning to conduct an on-line survey where I would like to do the following:
Collect personal data (Names, Information about general health, etc.). Collect data using a questionnaire investigating personality traits of the participants. Those who have a spcific score on this questionnaire will be contacted and asked if they want to participate in further studies.
As these informations are sensible, I have to comply to certain rules considering the storage of this data.
1) The personal data and psychometric data needs to be stored separately, but I still need to be able to retrieve and connect both.
2) Is there any kind of information about the general security procedures with limesurvey? I need to provide the security administrator of my university with informations about this.

Thanks a lot!!!

Chupa
The administrator has disabled public write access.

Re:security issues 3 years 7 months ago #53348

  • holch
  • holch's Avatar
  • OFFLINE
  • LimeSurvey Team
  • Posts: 2549
  • Thank you received: 285
  • Karma: 102
chupanibre wrote:
1) The personal data and psychometric data needs to be stored separately, but I still need to be able to retrieve and connect both.
2) Is there any kind of information about the general security procedures with limesurvey? I need to provide the security administrator of my university with informations about this.

Honestly, to me the first point doesn't make sense. There is basically no difference in storing the personal data at the same place as the psychometric data and separating them, if you can still join them! Storing the data in two different tables or even databases doesn't make it more or less anonymous if there is the possibility to connect both via an ID or something.

I don't see how you can guarantee (on a technical basis) the separation of personal data and psychometric data, when you still need to be able to contact people based on their responses.

The only way is to commit yourself/the company/the team that you won't connect data for another purpose than the inviation. But that's about it. I don't see how you could do that any other way. I don't think that ANY system can provide what you are looking for.

However, there might be some genius solution out there, that I am just not aware of. So what do the others think regarding this aspect?
Have a look at the manual! It is a really valuable source for information. Here some helpful links:
Manual (EN) | Question Types | Question Attributes | Workarounds

If you found this answer helpful and it saved you some time please consider a donation to the project to keep Limesurvey going!
The administrator has disabled public write access.

Re:security issues 3 years 7 months ago #53350

  • chupanibre
  • chupanibre's Avatar
  • OFFLINE
  • Junior Lime
  • Posts: 29
  • Karma: 0
You are absolutely correct with your assumption. The thing is the following: if someone would be able to gain access to the data on the server, he should not be able to connect personal data with psychometric data. All those that should have access to the data (me and my co-workers) should be able to connect the data using a specific code or something similar.
The administrator has disabled public write access.

Re:security issues 3 years 7 months ago #53351

  • holch
  • holch's Avatar
  • OFFLINE
  • LimeSurvey Team
  • Posts: 2549
  • Thank you received: 285
  • Karma: 102
Well, that makes sense. But the only way that I see here, is doing it manually then.

I don't see any simple and easy way to do this with Limesurvey per default. Because in order to do this automatically, Limesurvey would need to have access to both tables/databases, and then the security advantage of separating them is gone, because if the unauthorized person gains access to LS, it will also have access to both tables, just like Limesurvey does. However, I am not a database expert and there might exist techniques to prevent this, so let's wait if there are other opinions/ideas...
Have a look at the manual! It is a really valuable source for information. Here some helpful links:
Manual (EN) | Question Types | Question Attributes | Workarounds

If you found this answer helpful and it saved you some time please consider a donation to the project to keep Limesurvey going!
The administrator has disabled public write access.

Re:security issues 3 years 7 months ago #53353

  • tfj
  • tfj's Avatar
  • OFFLINE
  • Expert Lime
  • Posts: 80
  • Thank you received: 6
  • Karma: 5
I have used LimeSurvey for several projects at my University. These projects involve collecting confidential information.

You are correct that LimeSurvey does not directly provide a method of keeping the information confidential. I have, however, gotten around this limitation by using mySQL queries (separate from LimeSurvey) that go through the tables and encrypt the confidential fields. I have found that I can not do this through a mySQL trigger (which would be ideal), but I can do it through a scheduled query that runs frequently.

When it is time to get in touch with the people who completed the surveys, I run a mySQL query that decrypts the confidential fields and dumps them into an Excel table to give to the researchers in charge of the contacting the people. I do not give these researchers the data that connect to the contact information.

Also, at no time do I decrypt the encrypted fields in the mySQL tables. Through an export query, I dump the decrypted fields into Excel.

Personally, I have found Navicat for mySQL extremely helpful in all of this.

Another thought: if you really have to keep the encrypted fields separate from the rest of the data, you could always develop two surveys. The first one collects the confidential data (and puts them in one table), then, through using a link on the final page of the first survey, you could be directed to a second survey that collects the non-confidential data. You could pre-populate a field in the second survey with the ID from the first survey and put this in the link, so that the survey respondent would not have to keep track of anything.
The administrator has disabled public write access.

Re:security issues 3 years 7 months ago #53370

  • chupanibre
  • chupanibre's Avatar
  • OFFLINE
  • Junior Lime
  • Posts: 29
  • Karma: 0
thanks for the helpful suggestions!
@tfj: as I never worked with mySQL your second idea seems like a potential solution to my problem. Dividing the survey in two steps should resolve this issue. So if I got it right, the ID from the first survey will be incorporated in the url of the second survey, so that I can keep track of the two databases?
The administrator has disabled public write access.

Re:security issues 3 years 7 months ago #53376

  • tfj
  • tfj's Avatar
  • OFFLINE
  • Expert Lime
  • Posts: 80
  • Thank you received: 6
  • Karma: 5
Of course, you will not be able to match the ID field (the first field in LimeSurvey tables) from the first table to the second. I would create a separate question in the second survey, but set it to be hidden. In the "End URL" setting (Survey settings - General - End URL), type in your link, but include the reference to the first survey's ID field to be placed in the field that holds the answer to the hidden question in the second survey.

I haven't needed to use this method yet, since I am encrypting all of the confidential fields in our tables. I believe you will find what you need to know about constructing the "End URL" in the LimeSurvey documentation. According to it, the ID from the first table is referenced as {SAVEDID}. So, your End URL might look something like this: https:\\Link of your second survey&newtest=Y&hiddenfieldname={SAVEDID}. To make things easier for the respondent, I would put something in the "URL description" box like "Click here to continue to the next set of questions."

Someone else may look at my made-up example and make corrections, but I think you might get the basic idea from my attempt.

When needed, you will know how to link the two tables through the ID field in the first and the hidden question field in the second.

tfj
The administrator has disabled public write access.
The following user(s) said Thank You: chupanibre

Re:security issues 3 years 7 months ago #53403

  • chupanibre
  • chupanibre's Avatar
  • OFFLINE
  • Junior Lime
  • Posts: 29
  • Karma: 0
Thanks for the help!

I will try to implement this in limesurvey.
The administrator has disabled public write access.

Re:security issues 3 years 7 months ago #53432

  • Mazi
  • Mazi's Avatar
  • OFFLINE
  • LimeSurvey Team
  • Posts: 5300
  • Thank you received: 291
  • Karma: 247
You're welcome!

If our hints have been helpful and you enjoy limesurvey please consider a donation to the team .
We do all this in our free time and you don't have to pay a penny for this software.

Without your help we can't keep this project alive.

Best regards/Beste Grüße,
Dr. Marcel Minke
(Limesurvey Head of Support)
Need Help? We offer professional Limesurvey support
Contact: marcel.minke(at)limesurvey.org'"
The administrator has disabled public write access.

Re:security issues 3 years 6 months ago #55243

  • chupanibre
  • chupanibre's Avatar
  • OFFLINE
  • Junior Lime
  • Posts: 29
  • Karma: 0
@tfj: I tried to implement your idea, but still have a major problem: how can I populate the answer to the hidden question in the second survey with the ID-information from the first survey? After including the {SAVEDID} tag in the end-url, how can I retrieve this information and make it the answer to the first question?

Thanks,
Chupa
The administrator has disabled public write access.
Moderators: ITEd
Time to create page: 0.130 seconds
Donation Image