sckott
commented
4 years ago I'm not sure I follow your description, when you get back from vacation, please explain in more detail
Closed maelle closed 3 years ago
sckott
commented
4 years ago I'm not sure I follow your description, when you get back from vacation, please explain in more detail
maelle
commented
4 years ago Answering before I forget what I meant. 😅 I was (yes not clearly) wondering whether one could get in trouble with a commercial web service if publicly storing responses in non encrypted cassettes. Depending on the data usage guidelines of the service. E.g. Google, Twitter.
I think in the book it could mean that when mentioning encryption of cassettes, one should say it's for sensitive data (like personal data, medical data) but also for data one doesn't own (geocoding results from Google)?
sckott
commented
4 years ago thanks @maelle ! makes sense now. yes, we should add notes on this, will do
maelle
commented
4 years ago Related to #2
maelle
commented
3 years ago If you are dealing with sensitive data in your API (cf https://github.com/ropensci/qualtRics/pull/140#issuecomment-619647467) you probably don't want to save actual data.
So you'll want to either
Having a sandbox is the best solution because it also means other contributors to the package get the same data.
maelle
commented
3 years ago I could show how to encrypt files with sodium, using example from gargle code. That applies to tokens but one could also encrypt cassettes although of course that is not cool for PRs from forks.
Secure data but also data one doesn't one (check the data provider is ok with data being cached for tests or could a data provider think it's resharing the data)