Jump to content


Photo

Publish Online


  • Please log in to reply
39 replies to this topic

#21 anzenketh

anzenketh

    Advanced Member

  • Members
  • PipPipPip
  • 197 posts

Posted 03 December 2014 - 08:38 AM

Personally I am also surprised about the backlash. I can understand the desire not to relinquish control over who has your data. This is perfectly understandable. If they did not offer a way to where I can host my own I would likely be upset just like everyone else. 

 

Furthermore on the topic of living individuals. As genealogists we know your name, date of birth, spouse name and a bunch of other information including mothers maiden name is considered public record. This is why security professional encourage you not to use said information for security questions. Especially if you own a house. You can turn off hints entirely and then it would not search anyone in the database. 

 

alansogd is it safe to assume that RootsMagic websites are not susceptible to SQL injection attacks as they don't accept any queries? Are the databases when they are uploaded to the servers set to a permissions such that the webserver that you are using only has read access to the files? 

 

Those would be my two main concerns about the way the system is structured. 



#22 alansogd

alansogd

    Advanced Member

  • Admin
  • PipPipPip
  • 52 posts

Posted 03 December 2014 - 09:10 AM

I am confident that the sites are safe from SQL injections. The only power the client has over the queries is to provide ID numbers (e.g., individual.php?p=5) or to search by name on the name index page. All private results are filtered out as part of the SQL query. All input data is parameterized using the built-in SQL library and is immune to injection.

 

The databases are given read-only privileges, and are stored in a separate directory that is not accessible by the web server itself, so they can't be requested by the client. The PHP scripts have read access to the database in order to construct the requested page. If a user chooses to allow RMGC downloads from the settings page, it is streamed through a download.php script that performs all necessary permission checks before streaming the rmgc file. If the user disables RMGC downloads, it will immediately block access to the file and return a 404 error.



#23 jonjmorin

jonjmorin

    New Member

  • Members
  • Pip
  • 4 posts

Posted 03 December 2014 - 09:11 AM

I love RootsMagic, but completely disagree with the need for private data to be uploaded with the data that a user wishes to publish. As a former network security professional, I assert that the statement that other sites also have minimal risks of compromise so we should not worry any more about a RootsMagic site is not sound. The statement that any site on the internet is is vulnerable is straw man logic. Why upload private information to yet another site if there are vulnerabilities everywhere? This only increases the chance of a data breach. And what about people (like myself) who don't use Google or dropbox for backup, and use a backup drive instead? Yes, personal computers can be compromised, but the onus of security is then on the user, which RootsMagic indeed has little to do with, outside of vulnerabilities in the actual software.

 

Other software I have used also generates HTML files to publish online. If you mark a item as private, it is replaced by a "living" or "private" placeholder and the private data is simply not included in the files to be published. Granted, the site created is more static, but without the JavaScript reliance and better looking, in my opinion. For this reason, I will continue to use RootsMagic for my database, as I like it quite a bit, but will not use the online publishing feature. I'll export to GEDCOM and use one of the many excellent tools to create my site from that. More control over the private data.



#24 alansogd

alansogd

    Advanced Member

  • Admin
  • PipPipPip
  • 52 posts

Posted 03 December 2014 - 09:40 AM

You don't have to use the new sites. The new sites use the rmgc file so they can be more dynamic. It opens up more possibilities for us in the future. If you don't like it, the RM6-style sites are still there. We are not forcing anyone to use the new sites. We are providing a convenience. We are not deprecating the RM6 sites. The RM6 sites are not going anywhere. They will continue to be updated. Updates will continue, and the RM6 sites will remain. We do not intend to deprecate them. You may use them instead of being forced to use the new sites if you desire. The new sites are one of many options. We built them this way because we felt the benefits outweighed the risks, which we believe are very small. However, if you do not wish to use them, we will not require you to do so.



#25 anzenketh

anzenketh

    Advanced Member

  • Members
  • PipPipPip
  • 197 posts

Posted 03 December 2014 - 09:57 AM

I love RootsMagic, but completely disagree with the need for private data to be uploaded with the data that a user wishes to publish. As a former network security professional, I assert that the statement that other sites also have minimal risks of compromise so we should not worry any more about a RootsMagic site is not sound. The statement that any site on the internet is is vulnerable is straw man logic. Why upload private information to yet another site if there are vulnerabilities everywhere? This only increases the chance of a data breach. And what about people (like myself) who don't use Google or dropbox for backup, and use a backup drive instead? Yes, personal computers can be compromised, but the onus of security is then on the user, which RootsMagic indeed has little to do with, outside of vulnerabilities in the actual software.

 

Other software I have used also generates HTML files to publish online. If you mark a item as private, it is replaced by a "living" or "private" placeholder and the private data is simply not included in the files to be published. Granted, the site created is more static, but without the JavaScript reliance and better looking, in my opinion. For this reason, I will continue to use RootsMagic for my database, as I like it quite a bit, but will not use the online publishing feature. I'll export to GEDCOM and use one of the many excellent tools to create my site from that. More control over the private data.

 

 

I agree with you that there is no need to upload living individuals information. The fact that it is done was hopefully a decision that they made on a risk benefit analysis not pure lazyness.  I hope that sometime in the future RootsMagic works on preventing people being marked as living from being uploaded. 

 

It is also true that different sites are susceptible to different vulnerabilities and the blanket statement of other sites have minimal risk is not sound. However at the same case on a layman's level it is. As long as they have done all their work correctly and have their ducks in a row(why I asked about SQL injection and permissions issues). Then they are likely doing as much as any other provider would with the same budget and resources. The comment was more of a blanket statement of calm then a assertion of truth. No security professional worth their dime would ever state that they will never get compromised. Of course there are vulnerabilities that come out all the time. RootsMagic would be susceptible to them just like any other. 

 

alansogd I forgot in transit are you using https? 



#26 alansogd

alansogd

    Advanced Member

  • Admin
  • PipPipPip
  • 52 posts

Posted 03 December 2014 - 10:09 AM

Yes, everything is via https.



#27 Jerry Bryan

Jerry Bryan

    Advanced Member

  • Members
  • PipPipPip
  • 3404 posts

Posted 03 December 2014 - 10:31 AM

My apologies on indicating incorrectly that the RM6 style sites have been deprecated when in fact they have not been. There was a posting that gave me that impression, but i can't find it right now.

 

Sorry,

Jerry



#28 BobDonLI

BobDonLI

    Member

  • Members
  • PipPip
  • 7 posts

Posted 03 December 2014 - 11:33 AM

Would it be possible for the software to generate a "scrubbed" .rmgc file (no living people, no private data) that could be opened and examined in RM before being uploaded? It could be treated as a throwaway file to be regenerated anew from the full database whenever the web site was updated.

I am still not thrilled about being restricted to RM's servers and would probably never use it for that reason, but for those who might use it, knowing what was being released outside of their control might help.

#29 Don Newcomb

Don Newcomb

    Advanced Member

  • Members
  • PipPipPip
  • 1033 posts

Posted 03 December 2014 - 11:46 AM

I agree with you that there is no need to upload living individuals information. The fact that it is done was hopefully a decision that they made on a risk benefit analysis not pure lazyness.  I hope that sometime in the future RootsMagic works on preventing people being marked as living from being uploaded. 

 

 

I, for one, don't understand why we couldn't have a "select individuals" menu, just like in the other website creation tools.



#30 Don Newcomb

Don Newcomb

    Advanced Member

  • Members
  • PipPipPip
  • 1033 posts

Posted 03 December 2014 - 11:48 AM

Would it be possible for the software to generate a "scrubbed" .rmgc file (no living people, no private data) that could be opened and examined in RM before being uploaded?

I am still not thrilled about being restricted to RM's servers and would probably never use it for that reason, but for those who might use it, knowing what was being released outside of their control might help.

 

Yes, this is the "solution" that was given to me. Create a GEDCOM and import it into a new database then do Publish Online from that 2nd database. Sounds like a kludge and unnecessary complication, at best.



#31 BobDonLI

BobDonLI

    Member

  • Members
  • PipPip
  • 7 posts

Posted 03 December 2014 - 12:06 PM

If your proposed select individuals dialog created the scrubbed .rmgc file without requiring the manual intermediate steps (but still leaving a .rmgc file that could be examined), would that work? Alan's back end software would still be working from a .rmgc file.

#32 kbens0n

kbens0n

    Advanced Member

  • Members
  • PipPipPip
  • 3442 posts

Posted 03 December 2014 - 12:09 PM

There was a posting that gave me that impression, but i can't find it right now.


Since RM7 ~just~ came out ...it wouldn't have been logical that RM6-style webpages were deprecated, yet, so any posts from a week ago or older were probably referring to the old HTML site creation and you inadvertently mixed things up. NO PROBLEMO!

---
--- "GENEALOGY, n. An account of one's descent from an ancestor who did not particularly care to trace his own." - Ambrose Bierce
--- "The trouble ain't what people don't know, it's what they know that ain't so." - Josh Billings
---Ô¿Ô---
K e V i N


#33 kbens0n

kbens0n

    Advanced Member

  • Members
  • PipPipPip
  • 3442 posts

Posted 03 December 2014 - 12:14 PM

I, for one, don't understand why we couldn't have a "select individuals" menu, just like in the other website creation tools.


I haven't upgraded yet to know whether or not, but I've not seen any assertion that you couldn't have a "select individuals" menu ...just that they currently upload an original copy of the database to secure hosting and use it to create the website(s).

---
--- "GENEALOGY, n. An account of one's descent from an ancestor who did not particularly care to trace his own." - Ambrose Bierce
--- "The trouble ain't what people don't know, it's what they know that ain't so." - Josh Billings
---Ô¿Ô---
K e V i N


#34 BobDonLI

BobDonLI

    Member

  • Members
  • PipPip
  • 7 posts

Posted 03 December 2014 - 12:27 PM

The RM6 deprecation impression is probably my fault (unintentionally, I assure you). In another thread I SPECULATED that it would eventually be deprecated like HTML publishing, and Renee responded that she didn't know.

#35 kbens0n

kbens0n

    Advanced Member

  • Members
  • PipPipPip
  • 3442 posts

Posted 03 December 2014 - 12:42 PM

The RM6 deprecation impression is probably my fault (unintentionally, I assure you). In another thread I SPECULATED that it would eventually be deprecated like HTML publishing, and Renee responded that she didn't know.


Definitely unintentional... merely a speculatively-posed question :)

http://forums.rootsm...online/?p=67737

---
--- "GENEALOGY, n. An account of one's descent from an ancestor who did not particularly care to trace his own." - Ambrose Bierce
--- "The trouble ain't what people don't know, it's what they know that ain't so." - Josh Billings
---Ô¿Ô---
K e V i N


#36 RootsMagician

RootsMagician

    Administrator

  • Admin
  • PipPipPip
  • 826 posts

Posted 03 December 2014 - 03:56 PM

1. RM7 published websites are based on using the .rmgc file. You can a) use your main file, b ) use a scrubbed file, or c) not use the RM7 published website feature.

2. Many people are already uploading their RM files to "the cloud" whether it be Dropbox or Google Drive as backups, or to Dropbox to transfer to their iPad / Android device.

3. Both the RM6 style websites and older HTML style websites are still available in RM7. Do Internet > Generate files for a website and choose from those 2 styles. Those websites will need to be hosted on your own server.

4. When we add a new feature, we know it won't necessarily be used by every user (or even liked by some of them). It is up to each user to decide which features they will or won't use.
RootsMagician

#37 TomH

TomH

    Advanced Member

  • Members
  • PipPipPip
  • 6145 posts

Posted 03 December 2014 - 07:52 PM

The idea of an intermediate scrubbed file makes good sense if integrated in the Publish Online process. Filter controls like those in Export remembered between publishing sessions. Addresses those with the most sensitive security concerns while having no impact on the server-side development.

Tom user of RM7550 FTM2017 Ancestry.ca FamilySearch.org FindMyPast.com
SQLite_Tools_For_Roots_Magic_in_PR_Celti wiki, exploiting the database in special ways >>> RMtrix-tiny.png app, a bundle of RootsMagic utilities.


#38 BobDonLI

BobDonLI

    Member

  • Members
  • PipPip
  • 7 posts

Posted 03 December 2014 - 08:23 PM

Some thoughts:

 

1) I firmly believe that the model of web pages dynamically generated from a database is the best way to implement a genealogy website.

 

2) Working directly from a .rmgc file is also an excellent design decision.  It gets rid of the problem of RM-Database -> GEDCOM -> MySQL-Database conversion thus neatly avoiding all of the mangling of data relationships due to the limitations of lowest-common-denominator GEDCOM.

 

3) The bad news is that I think it makes it unlikely that we will see the ability to publish to non-RM servers.  Aside from the potential support issues, it would involve releasing a lot of php (which is, effectively, source code).

 

At the moment RM7 websites are not yet interesting enough to tempt me, but I can see the potential for RM7 websites to grow into something quite fantastic.  So at some time in the future I will have to make a decision about whether I want to upload my (scrubbed) .rmgc file to a server I have no control over.

 

Unfortunately that well has been poisoned by Ancestry (and others) where once you upload it to them, they own it. I trust RM, but companies change hands and evolve and yesterday's good guys can become tomorrow's data-exploiter-for-profit (cough, cough, Google).



#39 Trebor22

Trebor22

    Advanced Member

  • Members
  • PipPipPip
  • 163 posts

Posted 04 December 2014 - 04:52 AM

It is hard to shake off concerns about uploading private data, with so many reports of data breeches (and data harvesting by companies)  it seems wise to be cautious. Others have suggested a 'scrubbed' file for uploading and I think this should be the 'default' setting ie requiring the user to 'choose' to upload data on living or that marked as private! While I will not use this option for a website I'm not keen on the idea of a relative uploading my private data at the 'click of a button'!!

 

Bob



#40 Don Newcomb

Don Newcomb

    Advanced Member

  • Members
  • PipPipPip
  • 1033 posts

Posted 04 December 2014 - 07:34 AM

4. When we add a new feature, we know it won't necessarily be used by every user (or even liked by some of them). It is up to each user to decide which features they will or won't use.

 

Thanks Bruce, But the new features have to be interesting/enticing enough to attract people to pay for the upgrade. From the Webinar I only even recall 4 features I thought were interesting 1) Data Check 2) File Compare 3) Web Hints 4) Publish Online.

Data Check I might use once a year. File Compare, once a century. I have such concerns about privacy and security that I'd be afraid to turn the last two "upgrades" on. Right now, my response to the whole RM7 "upgrade" is "Thanks, but I think I'll pass."