Monthly Archives: August 2021

Version 21.08

New Features

Digest Function in Webforms

The digest function now works in both FieldTask and Webforms. One application of digest is to obfuscate sensitive data while still retaining a unique identifier for that data. For example instead of recording a person’s name you can record the digest. If you then complete another survey and the name of this new person is the same then the digests will also be the same. So you will know that the people in these two surveys had the same name you just won’t know what that name is.

Example Digest Application

In this example we are going to hide the persons name and use the digest of the name as the key for the record so we can update the data on that person.

1. Specify the survey.

typenamelabelappearancecalculation
textnameNamephoneonly
calculatedigest_namedigest(${name}, ‘SHA-1’)
intageAge
The survey

Note the appearance of “phoneonly” on the name will prevent the name from being stored in the server database. It will be replaced with “xxxx”.

2. Set the survey key to be ${digest_name}. This means that when we submit another record with the same digest as an existing record then the existing record will be updated.

3. Results as shown in the console

Submitted data

Note I have clicked the option to “show deleted data”, So you can see that record 1, which had an age of “23” was merged with record 3 that updated that age to “57”. Both of those records had the same digest_name. The actual name however is not recorded and only “xxxx” is stored in the database.

4. Final thoughts

Using the digest of a name as a key is probably not a good idea in the real world. This is particularly true where the recorded name is a transliteration from another language. Minor spelling mistake would result in a completely different digest so the value of the digest is probably low. However you could absolutely use the above approach with passport numbers or identity card numbers.

Also using digest does not in itself provide complete security for sensitive information. If you were using identity card numbers a determined attacker could generate a digest for every possible number in order to work out the original identity number. However if combined with other security procedures to limit access to data it does offer enhanced protection.

Other

  • You can hide / show blocked forms on the form management page by selecting a checkbox
  • Set a users timezone automatically to the timezone of their organisation unless they have specified their own specific timezone
  • Added a checkbox to the monitor page to ignore issues that are older than 100 days. This option is enabled by default.
  • More log event types older than 100 days are now moved into archive which should further speed up access to the logs.
  • Make duplicate choice names a warning in the online editor rather than an error.
  • Label the prime survey in a group of surveys as being part of that group. Previously it was only implied that the first survey in a group was part of the group since its name was used as the group name.
  • Make questions that are hidden in fieldTask also hidden in webforms
  • Add support for remote postgresql database installations, in particular AWS RDS.