Enhanced security
Brought to you by:
canajun2eh,
yalnifj
Menu
▾
▴
Does anybody has a solution for the problem that I have multiple families (all related) in 1 GEDCOM, where persons from family a are not alowed to see family b?
I know about the GENDORBENDOR initiiative, but that is yet to deliver the first alphs version
You asked the question that I would also like to know...
Does anybody know if gendorbendor is working on any changes to the enhanced security???
I asked a question on their page but didn't receive any answer :-(
It's been a few weeks since I have been in contact with the gendorbendor project administrator.
At that time we were discussing merging the two projects. He thought that was a good idea. There were a few things that were holding him up such as finding or making a relationship calculator and how to automatically link users with their individual gedcom record.
I haven't had time to find or create a relationship calculator yet either. But it has been requested. I plan on allowing an administrator to associate a user with an individual in the gedcom through the user admin interface. That association and the relationshp calculator could then be used in a custom privacy.php file to determine access. This will probably be an add-on module not part of the default phpgedview distrobution.
So the current hold-up is a relationship calculator.
Something that may become part of the default privacy module or may become an add-on module is user based access privileges. This will allow you to specify the access privileges for a specific user manually in the privacy.php file. So you can edit the privacy.php file to say that this particular user only has access to this list of individuals, or has access to all but this list of individuals. Depending on the size of your user base this could be a good alternative to the relationship based privacy described above. I will probably finish this module before the other one just because it is easier.
I hope this answered some of your questions. You may want to contact David Bendory who is the project administrator for gendorbendor and ask him what his plans are.
If anyone else out there has the time to work on these modules then I will gladly let them, because I have plenty to work on with the rest of phpGedView, as Kurt knows ;-)
Also, if anyone knows of a good open-source relationship calculator I could look at, could you please post it.
Thanks,
--John
John,
I'm sorry I do know absolutely nothing about coding in PHP, so I cann't hlp you there. But a design has come to my mind where an unchanging unique identification (I allways forget RIN or REFN) for each person in the database is used to identify the person(S) someone can start browsing the file from. Moving generations away from such a starting point is allways allowed, as long as it is done through displayed links, moving generations back only if the target individual has been selected earlier in the session. This may make the admin task a lot easier then in the solution you described. But it will be more difficult to program I fear.
I already contacted David B. He told me he has no time towork on the project.
Thanks for a good product,
Wim Rozendaal
I think that I have been able to make the relationship calculator fast enough to work for the enhanced privacy options. I've added some enhancement that greatly improve its performance by checking the dates of the two people to be calculated and basing the AI search hueristics off of that. This increases the intelligence of the search so that it tries to stay around the same age as the person it is looking for.
I will also provide the option of limiting the path length of a person who will be considered related. For example a cousin only requires a path length of 4. You-->Your Parent-->Your Parent's Sibling-->Your cousin. A second cousin would be a path length of 6. By configuring the path length in the privacy module you will be able to limit how closely related a person must be before others can see their private data and how long a search will take.
Another way to speed up the calculation will be to disable the following related by marriage links. Disabling this options means you wouldn't be able to see your brother's wife's siblings.
--John
John
Has any more work been done on this subject?
I have two GEDCOM files both with multiple familes and need to keep both the familes and the GEDCOM's private.
Steve
Hi Steve...
I think John has no time for the next week so I will try to answer your question.
As I know there will be some changes for privacy in v2.13.
Relationship path and user-ids for logged in users and also start-ids for them will be built in.
So please wait a little bit and John can give you a better answer next week.
bye, Kurt
Hi Steve,
As Kurt said, version 2.13 has the features discussed in this forum.
The users of the new version will include two new fields one for admins to specify which individual they are in the gedcom, and one for them to specify who they want for the root person.
The new privacy.php module includes 3 new configuration variables: $USE_RELATIONSHIP_PRIVACY, $MAX_RELATION_PATH_LENGTH, and $CHECK_MARRIAGE_RELATIONS.
Setting $USE_RELATIONSHIP_PRIVACY = true; will tell phpGedView to allow access to all living people that are within $MAX_RELATION_PATH_LENGTH distance to the ID specified in the User's profile. Setting $CHECK_MARRIAGE_RELATIONS = true; will follow spouse relationships letting you see in-laws and others that you wouldn't get to see under a normal blood relationship.
Unfortunately, I just realized that I haven't considered how this will work under your setup in MySQL using two gedcoms... You will need to specify which GEDCOM they belong to as well since I1 in one gedcom is not the same I1 in another gedcom. This presents the problem, however, that a single user could exist in each gedcom. Hmm... it is going to be harder to upgrade the MySQL version than I thought.
--John
John, nice to see you back.
The two I1's will not be a problem as I am going to upload a single data set for the direct lines and a second with the complete tree.
What you have listed above looks like it will do the trick.
Thanks Steve