How to avoid the

theft of personal

data, and content in

development process

by Nikitin Yevgeniy

Data - is value!

✘ personal user’s information (email, phone number, address...).✘ information about purchases.✘ paid content.✘ correspondence of users (can contain personal data).✘ transactions of payment systems.

Agency

Subcontractor

Subcontractor

People involved in a project

PMTL

DEV DEV DEV QA

DEV DEV QA

DEV DEV FREELANCER

ADMIN

FREELANCER

Ways not to use live content in a development

Using “Dummy content”+ It can be used in QA process.+ Data is used during development

and support.+ Using “migrate”, “feeds”,

“features” modules.- Not all bugs can be reproduced.- Difficult to manage in long

support.

Clean db from critical data- complicated structure of entity

storage.- db might be too big.- Difficult to manage in long

support.+ Copy of live db is used.+ Get rid of issues related with

“feeds”, “migrate”, “features”.

Modules and tables that can

contain confidential data

✘ user (users)✘ comment (comment)✘ dblog (watchdog)✘ webform (webform_submitted_data)✘ maillog (maillog)✘ address field✘ commerce✘ payment✘ cache_* tables✘ ....

Tools for cleaning database

✘ custom SQL script - difficult to create and support, but it works.

✘ drush sql-sanitize - by default clean mail and password in user table. Expanding by hook_drush_sql_sync_sanitize().

✘ DB Sanitizer

DB Sanitizer

1. Supports configurations.2. Management of tables and entities separately.3. Checks whether new tables or entities was added.4. Handles entity revisions.5. Drush support for creating sql script file.

Helps to create sql script for cleaning database

4 commands => 10 sql queries

Links

https://docs.acquia.com/articles/scrubbing-drupal-database-environment - Scrubbing a Drupal database environment

https://www.drupal.org/sandbox/sinn/2552477 - DB Sanitizer

contact me!

Nikitin Yevgeniywww.linkedin.com/in/nikitinevgeny

skype: yenyasinn