DragonPrime - LoGD Resource Community
Welcome Guest
  • Good morning, Guest.
    Please log in, or register.
  • January 18, 2018, 07:57:00 AM
Home Forums News Downloads Login Register Advanced Search
* * *
DragonPrime Menu
Login
 
 
Resource Pages
Search

Pages: 1 [2]   Go Down
  Print  
Author Topic: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd  (Read 850 times)
0 Members and 1 Guest are viewing this topic.
Nightborn
Captain of the Guard
***
Offline Offline

Posts: 206


View Profile WWW
« Reply #15 on: December 31, 2017, 07:36:39 AM »

First thing:
Setup a test server.
(Like I told in the other thread, with xampp or another suite).
Virtualbox is free and you need the knowledge to run a decent lotgd site.
I know, a lot of trouble... but... you're a service provider now =)

@"right to be forgotten"

I think the best way is to use stored procedures.
They can trigger automatically if needed and will be carried in the database directly.
I will use a new table "accounts_never_restore" to reflect the account ids.
Logged
TGTarheel
Codemeister
****
Offline Offline

Posts: 260


View Profile
« Reply #16 on: December 31, 2017, 12:22:55 PM »

Just as an aside to this....would removing the Character Restorer....also solve the problem to then be in compliance with the new EU law??
Logged
Aeolus
Mod God
*****
Offline Offline

Posts: 1819


You're welcome.


View Profile WWW
« Reply #17 on: December 31, 2017, 05:43:27 PM »

Just as an aside to this....would removing the Character Restorer....also solve the problem to then be in compliance with the new EU law??

For this particular module, yes, as long as you uninstall the module and delete any existing restore files.

It does not, however, mean that you no longer have to update your core with the required changes to be compliant as well. (> inb4 we know you hate core updates.)
Logged

TGTarheel
Codemeister
****
Offline Offline

Posts: 260


View Profile
« Reply #18 on: December 31, 2017, 10:26:24 PM »

Just as an aside to this....would removing the Character Restorer....also solve the problem to then be in compliance with the new EU law??

For this particular module, yes, as long as you uninstall the module and delete any existing restore files.

It does not, however, mean that you no longer have to update your core with the required changes to be compliant as well. (> inb4 we know you hate core updates.)

What required changes?  This is what I am trying to learn.  Don't feel like having someone knock on my door, LOL.
Logged
Nightborn
Captain of the Guard
***
Offline Offline

Posts: 206


View Profile WWW
« Reply #19 on: January 01, 2018, 09:04:26 AM »

You need to i.e. have the function to "forget" a user and remove the mail address from you db - this does lotgd if you allow (which you now must) user deletion by user.

BUT

You then have to have the "right to forget"-stuff, which means you need to have (this is my theory and solution) a list of account-ids of those who did that.
IF you have server backups / database backups (which is strongly recommended) you have to have a function to filter the ones out that said "forget me".

I solved this with mysql triggers for now (check a table accounts_never_restore and then delete all accounts with those IDs if they exist).
I still need the function for the user to trigger this. Point is: if somebody throws a fit and hits the button... that's it. No recovery. Gone. Forever.
A lot of users want a restoral after fits. Cheesy
Logged
TGTarheel
Codemeister
****
Offline Offline

Posts: 260


View Profile
« Reply #20 on: January 01, 2018, 09:53:05 AM »

You need to i.e. have the function to "forget" a user and remove the mail address from you db - this does lotgd if you allow (which you now must) user deletion by user.

BUT

You then have to have the "right to forget"-stuff, which means you need to have (this is my theory and solution) a list of account-ids of those who did that.
IF you have server backups / database backups (which is strongly recommended) you have to have a function to filter the ones out that said "forget me".

I solved this with mysql triggers for now (check a table accounts_never_restore and then delete all accounts with those IDs if they exist).
I still need the function for the user to trigger this. Point is: if somebody throws a fit and hits the button... that's it. No recovery. Gone. Forever.
A lot of users want a restoral after fits. Cheesy
Then you could have a warning pop up when someone hits the button....similar to how you can back out one time if you choose the wrong specialty after a DK, right?

Have the first push of the button bring up the warning....and then have a back up and a proceed button.

Where all in the data base is the account info stored?

It would seem to me that character deletion, coupled with not making them retreivable by way of the character restorer...would work.  Is there something else I am missing?
Logged
TGTarheel
Codemeister
****
Offline Offline

Posts: 260


View Profile
« Reply #21 on: January 01, 2018, 01:54:16 PM »

OK, so I downloaded VirtualBox on my machine, but i am honest, i do not know what exactly to do with it...

I have never worked with stuff like this before.  Can anyone help me just get an LOTGD 1.1.2 set up on this thing?
Logged
Nightborn
Captain of the Guard
***
Offline Offline

Posts: 206


View Profile WWW
« Reply #22 on: January 04, 2018, 10:54:39 AM »

@account deletion
yes, you need to have something so it will be wiped when you restore stuff from a backup.
or you never do backups... well, that solves it too.

@virtualbox
very very lengthy thing if you do this the first time.
there are guides:
http://www.thelinuxdaily.com/2010/02/how-to-setup-a-pre-built-virtualbox-guest-image-tutorialguide/
i.e.

Logged
TGTarheel
Codemeister
****
Offline Offline

Posts: 260


View Profile
« Reply #23 on: January 04, 2018, 11:01:43 PM »

@account deletion
yes, you need to have something so it will be wiped when you restore stuff from a backup.
or you never do backups... well, that solves it too.

@virtualbox
very very lengthy thing if you do this the first time.
there are guides:
http://www.thelinuxdaily.com/2010/02/how-to-setup-a-pre-built-virtualbox-guest-image-tutorialguide/
i.e.



Thank you.  This is the sort of guide that actually helps me, printed instructions with pictures that stay still and I can look and read as long as I need.  I hate youtube "tutorials" they always go too fast.

But...this has you setting up a Linux Machine....is it on THIS that you then create an LOTGD server...or how does this part work, actually?

Sincerely never actually did this before, my site was set up by a friend who knows a ton more about computer stuff than I do...LOL

By the way, might be a good idea to split this part of the topic off, as it has nothing to do with the OP.
« Last Edit: January 04, 2018, 11:07:40 PM by TGTarheel » Logged
Nightborn
Captain of the Guard
***
Offline Offline

Posts: 206


View Profile WWW
« Reply #24 on: January 07, 2018, 02:46:25 PM »

Quick response in here:

Mhm, platform overview (I think you're using webspace).

You know:
webserver/webspace <-- FTP to get on it and drop files
database <-- you go to a phpmadmin and import/export, right?
domain <-- you do a setup on a web frontend for that

that's the foundation you will build in a virtualbox. it will provide above, though you may need to install the necessary software and do a bit of configuration.
Most should be installed, but I'll mention the software
webspace <-- install apache2 to provide a webserver, put your files in /var/www/html
database <--- install mysql and phpmyadmin (best as an ubuntu package via APT or if you downloaded a desktop ubuntu, from the desktop, package management)
domain <-- you have none, but you should be able to work on IP basis (virtualbox assigns a net)

Yes, it's a lot if you've never done things like it, but it's really helpful. Cheesy
Logged
TGTarheel
Codemeister
****
Offline Offline

Posts: 260


View Profile
« Reply #25 on: January 09, 2018, 08:16:52 PM »

Quick response in here:

Mhm, platform overview (I think you're using webspace).

You know:
webserver/webspace <-- FTP to get on it and drop files
database <-- you go to a phpmadmin and import/export, right?
domain <-- you do a setup on a web frontend for that

that's the foundation you will build in a virtualbox. it will provide above, though you may need to install the necessary software and do a bit of configuration.
Most should be installed, but I'll mention the software
webspace <-- install apache2 to provide a webserver, put your files in /var/www/html
database <--- install mysql and phpmyadmin (best as an ubuntu package via APT or if you downloaded a desktop ubuntu, from the desktop, package management)
domain <-- you have none, but you should be able to work on IP basis (virtualbox assigns a net)

Yes, it's a lot if you've never done things like it, but it's really helpful. Cheesy

I managed to get a test server going in XAMPP.
The problem I had had before with it was that I needed an older version of XAMPP, the one I was trying to use came with PHP 7 and LOTGD 1.1.2 won't work on PHP 7.

So the one I got now has PHP 5.6
Logged
TGTarheel
Codemeister
****
Offline Offline

Posts: 260


View Profile
« Reply #26 on: January 14, 2018, 02:21:19 PM »

I think I have the charrestore ready now.

Issue is the stored email, but a hash serves as well for people to claim ownership. You can restore the char and then manually replace the mail if the token matches.

* replaced emailaddress with a sha512 hash (varchar128 in the db is exactly right)
* added a salt as setting (FILL BEFORE HASHING!)
* added a mail notification when a char is deleted/expires and is stored.
* added a convert function for legacy stuff. it will convert all your old chars and put the hash in

DISCLAIMER:
Somebody with an untouched 1.1.2 dp edition could edit it please, I think I built a few things in (replaceemail?) in core that don't exist.
I have also changed some stuff in the charrestore (I believe I added the mail search in the first place).
Please BACKUP and then TEST.


I have an untouched 1.1.2 DP version running now in XAMPP.

I will try it out thoroughly for you...please tell me everything you want tested.
Logged
Pages: 1 [2]   Go Up
  Print  
 
Jump to:  


*
DragonPrime Notices
Version 1.1.2 is the current supported version and is available for download.

Support Us
No funds raised yet this year
Your help is greatly appreciated!
Recent Topics
DragonPrime LoGD
Who's Online
28 Guests, 0 Users
Home Forums News Downloads Login Register Advanced Search