security issues

More
6 years 11 months ago #53345 by chupanibre
chupanibre created the topic: security issues
Dear Community

I am new with limesurvey, and I have a couple of questions regarding storage of data with limesurvey. I searched the Wiki but was not able to find more informations about this.
I am planning to conduct an on-line survey where I would like to do the following:
Collect personal data (Names, Information about general health, etc.). Collect data using a questionnaire investigating personality traits of the participants. Those who have a spcific score on this questionnaire will be contacted and asked if they want to participate in further studies.
As these informations are sensible, I have to comply to certain rules considering the storage of this data.
1) The personal data and psychometric data needs to be stored separately, but I still need to be able to retrieve and connect both.
2) Is there any kind of information about the general security procedures with limesurvey? I need to provide the security administrator of my university with informations about this.

Thanks a lot!!!

Chupa

Please Log in to join the conversation.

More
6 years 11 months ago #53348 by holch
holch replied the topic: security issues
chupanibre wrote:

1) The personal data and psychometric data needs to be stored separately, but I still need to be able to retrieve and connect both.
2) Is there any kind of information about the general security procedures with limesurvey? I need to provide the security administrator of my university with informations about this.


Honestly, to me the first point doesn't make sense. There is basically no difference in storing the personal data at the same place as the psychometric data and separating them, if you can still join them! Storing the data in two different tables or even databases doesn't make it more or less anonymous if there is the possibility to connect both via an ID or something.

I don't see how you can guarantee (on a technical basis) the separation of personal data and psychometric data, when you still need to be able to contact people based on their responses.

The only way is to commit yourself/the company/the team that you won't connect data for another purpose than the inviation. But that's about it. I don't see how you could do that any other way. I don't think that ANY system can provide what you are looking for.

However, there might be some genius solution out there, that I am just not aware of. So what do the others think regarding this aspect?

I'm not a LimeSurvey GmbH member. I answer at the LimeSurvey forum in my spare time. No support via private message.
Some helpful links: Manual (EN) | Question Types | Workarounds

Please Log in to join the conversation.

More
6 years 11 months ago #53350 by chupanibre
chupanibre replied the topic: security issues
You are absolutely correct with your assumption. The thing is the following: if someone would be able to gain access to the data on the server, he should not be able to connect personal data with psychometric data. All those that should have access to the data (me and my co-workers) should be able to connect the data using a specific code or something similar.

Please Log in to join the conversation.

More
6 years 11 months ago #53351 by holch
holch replied the topic: security issues
Well, that makes sense. But the only way that I see here, is doing it manually then.

I don't see any simple and easy way to do this with Limesurvey per default. Because in order to do this automatically, Limesurvey would need to have access to both tables/databases, and then the security advantage of separating them is gone, because if the unauthorized person gains access to LS, it will also have access to both tables, just like Limesurvey does. However, I am not a database expert and there might exist techniques to prevent this, so let's wait if there are other opinions/ideas...

I'm not a LimeSurvey GmbH member. I answer at the LimeSurvey forum in my spare time. No support via private message.
Some helpful links: Manual (EN) | Question Types | Workarounds

Please Log in to join the conversation.

More
6 years 11 months ago #53353 by tfj
tfj replied the topic: security issues
I have used LimeSurvey for several projects at my University. These projects involve collecting confidential information.

You are correct that LimeSurvey does not directly provide a method of keeping the information confidential. I have, however, gotten around this limitation by using mySQL queries (separate from LimeSurvey) that go through the tables and encrypt the confidential fields. I have found that I can not do this through a mySQL trigger (which would be ideal), but I can do it through a scheduled query that runs frequently.

When it is time to get in touch with the people who completed the surveys, I run a mySQL query that decrypts the confidential fields and dumps them into an Excel table to give to the researchers in charge of the contacting the people. I do not give these researchers the data that connect to the contact information.

Also, at no time do I decrypt the encrypted fields in the mySQL tables. Through an export query, I dump the decrypted fields into Excel.

Personally, I have found Navicat for mySQL extremely helpful in all of this.

Another thought: if you really have to keep the encrypted fields separate from the rest of the data, you could always develop two surveys. The first one collects the confidential data (and puts them in one table), then, through using a link on the final page of the first survey, you could be directed to a second survey that collects the non-confidential data. You could pre-populate a field in the second survey with the ID from the first survey and put this in the link, so that the survey respondent would not have to keep track of anything.

Please Log in to join the conversation.

More
6 years 11 months ago #53370 by chupanibre
chupanibre replied the topic: security issues
thanks for the helpful suggestions!
@tfj: as I never worked with mySQL your second idea seems like a potential solution to my problem. Dividing the survey in two steps should resolve this issue. So if I got it right, the ID from the first survey will be incorporated in the url of the second survey, so that I can keep track of the two databases?

Please Log in to join the conversation.

More
6 years 11 months ago #53376 by tfj
tfj replied the topic: security issues
Of course, you will not be able to match the ID field (the first field in LimeSurvey tables) from the first table to the second. I would create a separate question in the second survey, but set it to be hidden. In the "End URL" setting (Survey settings - General - End URL), type in your link, but include the reference to the first survey's ID field to be placed in the field that holds the answer to the hidden question in the second survey.

I haven't needed to use this method yet, since I am encrypting all of the confidential fields in our tables. I believe you will find what you need to know about constructing the "End URL" in the LimeSurvey documentation. According to it, the ID from the first table is referenced as {SAVEDID}. So, your End URL might look something like this: https:\\Link of your second survey&newtest=Y&hiddenfieldname={SAVEDID}. To make things easier for the respondent, I would put something in the "URL description" box like "Click here to continue to the next set of questions."

Someone else may look at my made-up example and make corrections, but I think you might get the basic idea from my attempt.

When needed, you will know how to link the two tables through the ID field in the first and the hidden question field in the second.

tfj
The following user(s) said Thank You: chupanibre

Please Log in to join the conversation.

More
6 years 11 months ago #53403 by chupanibre
chupanibre replied the topic: security issues
Thanks for the help!

I will try to implement this in limesurvey.

Please Log in to join the conversation.

More
6 years 11 months ago #53432 by Mazi
Mazi replied the topic: security issues
You're welcome!

If our hints have been helpful and you enjoy limesurvey please consider a donation to the team .
We do all this in our free time and you don't have to pay a penny for this software.

Without your help we can't keep this project alive.


Best regards/Beste Grüße,
Dr. Marcel Minke
(Limesurvey Head of Support)
Need Help? We offer professional Limesurvey support
Contact: marcel.minke(at)survey-consulting.com'"

Please Log in to join the conversation.

More
6 years 10 months ago #55243 by chupanibre
chupanibre replied the topic: security issues
@tfj: I tried to implement your idea, but still have a major problem: how can I populate the answer to the hidden question in the second survey with the ID-information from the first survey? After including the {SAVEDID} tag in the end-url, how can I retrieve this information and make it the answer to the first question?

Thanks,
Chupa

Please Log in to join the conversation.

More
6 years 10 months ago #55248 by chupanibre
chupanibre replied the topic: security issues
also: will this ensure data security? If someone would gain access, would he not be able to connect the data of both surveys via the ID-number?

Please Log in to join the conversation.

More
6 years 10 months ago - 6 years 10 months ago #55255 by tfj
tfj replied the topic: security issues
Chupa:

I'm not sure what you tried, but my previous response outlines what I do. To give you an example, the end URL could look something like this - I edited this so that it would display. In my previous attempts, it truncated my entry. That is why it is on three separate lines. It is supposed to begin with an "h-t-t-p-s://" (without the dashes) but that was truncated as well:

https://YourServerName/limesurvey/index.php?

sid=YourSurveyID&lang=en&newtest=Y&

YourHiddenFieldIDintheSecondSurvey={SAVEDID}

Of course, you would have to substitute the variable names above -- "YourServerName," "YourSurveyID," and "YourHiddendFieldIDintheSecondSurvey" -- with your specific ones. If you wanted, you could add the setting, Settings - Publication and Access control - Automatically load URL when survey complete set to "Yes."

You are correct. Theoretically, someone could match up the hidden field name in the second survey with the ID field in the first survey, if they worked hard enough at it. That is why I keep our data encrypted, using mySQL queries. If your data are as sensitive as ours, I still suggest mySQL encryption queries. That way, you would be as protected as reasonably possible.

Also, if you are thinking that the two ID fields will match (from the two tables), they won't. In your work with the data, you would match the ID field from the first table to the hidden field in the second table.

No matter what survey tool you use, you will still be faced with the same issue.

Someone else may have a better idea, but this has worked for me. They may also point out any errors I may have made in my description.

tfj
Last Edit: 6 years 10 months ago by tfj.

Please Log in to join the conversation.

More
6 years 10 months ago #55260 by tpartner
tpartner replied the topic: security issues
Here's some info on prefilling questions from the URL - docs.limesurvey.org/Workarounds%3A+Surve...using_the_survey_URL .

Cheers,
Tony Partner
Solutions, code and workarounds presented in these forums are given without any warranty, implied or otherwise.

Please Log in to join the conversation.

More
6 years 10 months ago #55407 by chupanibre
chupanibre replied the topic: security issues
Thanks for the detailed answer. I understand what you mean, I just dont know exactly how to implement this.

The link for my second survey is the following:
cape42heidelberg.limequery.org/index.php...96&newtest=Y&lang=de

The code of the question in the second survey which I want to populate with the tag {SAVEDID} is:
survey ID (ID:19196)
question group ID (ID:3)
question ID (ID:10)

I took a look at the link from the wiki( docs.limesurvey.org/Workarounds%3A+Surve...using_the_survey_URL ) but I simply was not able to construct a link which worked...

Please Log in to join the conversation.

More
6 years 10 months ago #55409 by tfj
tfj replied the topic: security issues
At the end of your link, try the following:

&19196X3X10={SAVEDID}

tfj

Please Log in to join the conversation.

Start now!

Just create your account and start using Limesurvey today.

Register now
Join our Newsletter!