The clickstream table, and the relevant class (which I foolishly kept around),
log every action on Plans and link it to a username.
The following query:
SELECT secrets.secret_id, secrets.secret_text, accounts.username
FROM secrets
LEFT JOIN clickstream ON (clickstream.created = secrets.date)
LEFT JOIN accounts ON (accounts.userid = clickstream.userid)
WHERE clickstream.script_uri LIKE '%anonymous%';
would return the username of each person who submitted a secret. This is a
major privacy issue. Although this data (or the results of this query) are
not exposed, it gives dangerous powers to the sysadm overlords. Thankfully
a crontab somewhere seems to wipe Clickstream. Furthermore, the MySQL takes
up ~800M that are completely unnecessary.
The class and the table should be removed.
Original issue reported on code.google.com by thatha7777 on 30 Jul 2009 at 3:46
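
Added example, not part of the original issue or the project's code: the timestamp correlation described in the report, run against constructed rows to compare what stays linkable after a periodic wipe with what stays linkable after the table is removed. SQLite stands in for MySQL, the tables hold only the columns the query names, and the script paths, usernames and the age-based wipe are assumptions.

```python
import sqlite3

# SQLite stands in for MySQL; tables carry only the columns the report's query
# uses, and every row below is constructed sample data.
SETUP = """
CREATE TABLE accounts (userid INTEGER PRIMARY KEY, username TEXT);
CREATE TABLE secrets (secret_id INTEGER PRIMARY KEY, secret_text TEXT, date TEXT);
CREATE TABLE clickstream (userid INTEGER, script_uri TEXT, created TEXT);
INSERT INTO accounts VALUES (1, 'alice'), (2, 'bob');
INSERT INTO secrets VALUES (10, 'sample secret A', '2009-07-30 03:40:01'),
                           (11, 'sample secret B', '2009-07-30 03:41:17');
INSERT INTO clickstream VALUES (1, '/anonymous.php', '2009-07-30 03:40:01'),
                               (2, '/read.php',      '2009-07-30 03:40:30'),
                               (2, '/anonymous.php', '2009-07-30 03:41:17');
"""
LINK_QUERY = """
SELECT secrets.secret_id, accounts.username
FROM secrets
LEFT JOIN clickstream ON (clickstream.created = secrets.date)
LEFT JOIN accounts ON (accounts.userid = clickstream.userid)
WHERE clickstream.script_uri LIKE '%anonymous%'
ORDER BY secrets.secret_id
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SETUP)
    return db

def linkable_secrets(db):
    """(secret_id, username) pairs still recoverable by timestamp correlation."""
    exists = db.execute("SELECT 1 FROM sqlite_master WHERE type='table' "
                        "AND name='clickstream'").fetchone()
    return db.execute(LINK_QUERY).fetchall() if exists else []

def periodic_wipe(db, cutoff):
    """Assumed cron behaviour: delete clickstream rows older than `cutoff`."""
    db.execute("DELETE FROM clickstream WHERE created < ?", (cutoff,))

def drop_clickstream(db):
    """The fix the report asks for: remove the table outright."""
    db.execute("DROP TABLE clickstream")

if __name__ == "__main__":
    db = build_db()
    print("full log:   ", linkable_secrets(db))
    periodic_wipe(db, "2009-07-30 03:41:00")
    print("after wipe: ", linkable_secrets(db))
    drop_clickstream(db)
    print("table gone: ", linkable_secrets(db))
```

A secret submitted after the most recent wipe stays linkable until the next one runs; only removing the table brings the result to empty.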