Reminder: Avoid posting 'sensitive' data

Today there was a case where someone posted a question using real data; certainly not a problem in of itself as we encourage folks to post as much as they can give us about their problems in order to solve them. However, this real data has real names and real email addresses and real physical addresses. Becuase of concerns of privacy, I took editing action and munged the names and addresses to nonsense ones, just to protect those people that were actually named, but keeping the question and data format untouched. I don't blame the person that posted the original question, only because it's easy to forget to 'protect the innocent' when you post a question.

I'm only posting this to remind people that when they post code or data, they should take all steps to make sure that no personal or security information is given away, at least beyond those items that are your own. (Eg., I control my email address, but no one else does). This is not only important when you post data, but also when you post code; particularly if, for example, you have your code establish a user/pass connection to a DB; if you leave your username and password in place in the code, that's definitely not secure. Similarly, it's probably a good idea to munge server names and file locations that are special and not public as with a combination of either, a malicious hacker can wreck havoc on your system.

-----------------------------------------------------
Dr. Michael K. Neylon - mneylon-pm@masemware.com || "You've left the lens cap of your mind on again, Pinky" - The Brain
"I can see my house from here!"
It's not what you know, but knowing how to find it if you don't know that's important

Comment on Reminder: Avoid posting 'sensitive' data

Replies are listed 'Best First'.
Data Protection Act by Ea (Chaplain) on Nov 20, 2001 at 16:40 UTC
Britain's Data Protection Act, whose latest features went into force Oct 24th 2001, hands out heavy-duty penalties for anyone responsible for private information who allows it, by ommission or design, into the public domain. It also places the onus on keepers of data to maintain updated and accurate data. This applies to paper records as well. Ea :wq	[reply]
Re: Reminder: Avoid posting 'sensitive' data by Washizu (Scribe) on Nov 19, 2001 at 20:25 UTC
I agree with you that posting someone's information without their permission is immoral especially since it can so easily be worked around when posting your code, but how did you know the author of the question was using real data? ----------------------------------- Washizu The best offense is a good offense.	[reply]
Re: Re: Reminder: Avoid posting 'sensitive' data by Masem (Monsignor) on Nov 19, 2001 at 20:33 UTC
The names and addresses that were used look more like real names than names like "John Smith", "Joe Sixpack", or "John Q Public". When you've seen enough code and both real and 'munged' data, you can easily tell the difference. ----------------------------------------------------- Dr. Michael K. Neylon - mneylon-pm@masemware.com \|\| "You've left the lens cap of your mind on again, Pinky" - The Brain "I can see my house from here!" It's not what you know, but knowing how to find it if you don't know that's important	[reply]

Back to Perl Monks Discussion