1. Alpharis
  2. Wishlist
  3. Monday, 08 October 2012
  4.  Subscribe via email
The CNotes component is a very good idea and work.

But for my point of view, I think that the notes taken by the registered users are totally private.
They must not be seen by the Admin.
These notes and comments are made for the sole benefit of the user.
He takes notes of personal ideas about an article of the website.
These ideas are confidential.

If he wants to share publicly some info he can always use a Comment module or component.
So the idea would be to crypt the data entered by the users.

Having info for the Admin of the website about the total number of Cnotes in the site, the numbers for each user, the number for each page where the module is present on the form of Statistic is fair. But this is the limit to not cross.

Like this the possibility to edit a Cnotes would be not possible for the admin.
The users have to know what all they can write belongs to them and is not viewable by others.

Anyway, congratulations for your work.
Responses (8)
Daniel Dimitrov
Support team
Accepted Answer Pending Moderation
Hey Alpharis,
Unfortunately nothing is totally private anymore. Your emails are not private, your chat communication is written somewhere etc...
The real question is - how easy it is to access that information. I could remove the screen that shows the notes, but what is preventing you from going into the db and looking at the notes there? Maybe what we need to add there is ACL - so only an admin will have access to that screen and not all backend users.

I like the other suggestions about the stats. I'll try to add them in one of the next versions.

Daniel
Please if you use our extensions be so kind and review them at JED
Matukio | Hotspots Pro | CComment Pro
  1. more than a month ago
  2. Wishlist
  3. # 1
Accepted Answer Pending Moderation
Hey Alpharis,
Unfortunately nothing is totally private anymore. Your emails are not private, your chat communication is written somewhere etc...

Unfortunately, I know this is the case.
But managing small spaces of privacy is always nice for users.


The real question is - how easy it is to access that information. I could remove the screen that shows the notes, but what is preventing you from going into the db and looking at the notes there? Maybe what we need to add there is ACL - so only an admin will have access to that screen and not all backend users.


I agree with you, looking directly at the DB is always possible.
I like your idea of only having the admin able to take a look at the notes.
But maybe a stronger solution would be to encrypt the notes when they are displayed
in the backend. And of course in the DB.
I think that this question of privacy is very important.
Of course having notes encrypted in the backend and readable in he frontend is not trivial :huh:


I like the other suggestions about the stats. I'll try to add them in one of the next versions.

My 2 cents on this point.
You've got a terrific idea with this module/component.
If you can guarantee a reasonable privacy with some statistics, you would be able to sell this application and let the free versions as it is.

The idea of taking note directly on a Joomla site is very interesting.
There is a lot to develop.

Thank you in advance for any idea or feature you are going to implement in Cnotes.

Kind Regards
  1. more than a month ago
  2. Wishlist
  3. # 2
Accepted Answer Pending Moderation
The CNotes component is a very good idea and work.

But for my point of view, I think that the notes taken by the registered users are totally private.
They must not be seen by the Admin.
These notes and comments are made for the sole benefit of the user.
He takes notes of personal ideas about an article of the website.
These ideas are confidential.

If he wants to share publicly some info he can always use a Comment module or component.
So the idea would be to crypt the data entered by the users.

Having info for the Admin of the website about the total number of Cnotes in the site, the numbers for each user, the number for each page where the module is present on the form of Statistic is fair. But this is the limit to not cross.

Like this the possibility to edit a Cnotes would be not possible for the admin.
The users have to know what all they can write belongs to them and is not viewable by others.

Anyway, congratulations for your work.



I don't get the point of you saying this. You are saying an admin shouldn't be able to view the user's notes, right? You can prevent this from not logging into the cNotes component in admin panel. I mean, the data is already in phpMyAdmin database, so what's the difference between NOT logging in the database table and NOT logging in the component backend? They both contain the same data.

So there really is no way around the "Not having admin users having the ability to see user notes".

Although the only way to truly make it not accessible by an admin, as you also mentioned, is by encrypting the data to the database so it comes out to be an md5 hash rather than a text note or something along these lines.

Just some thoughts for fun!


Tessa Mero
  1. more than a month ago
  2. Wishlist
  3. # 3
Accepted Answer Pending Moderation
Hi Tessa,

Let me explain you why I posted this suggestion.


I don't get the point of you saying this. You are saying an admin shouldn't be able to view the user's notes, right?

Yes. It's correct. For privacy reasons or security.


You can prevent this from not logging into the cNotes component in admin panel. I mean, the data is already in phpMyAdmin database, so what's the difference between NOT logging in the database table and NOT logging in the component backend? They both contain the same data.

So there really is no way around the "Not having admin users having the ability to see user notes".


A) Yes, I agree with you Tessa. When the Webmaster with Admin credit and Admin of the web site is the same person, it has no sense ;)

B) Same point if you are an admin of an internal server.

C) But in Joomla you can give admin access to several people with different user names and passwords. This means that among them, some users can not have the keys (name and password) to take a look at the phpMyAdmin console.
In the hosting environment I use, either Cpanel or Plesk, it's online, not local.
The access to these super admin are protected by user name and password which are different of the Joomla admin user and password.
Some hosting companies are asking you a different username and password for having access to phpMyAdmin even if you are already connected to the Plesk Console!

This is why, to better explain my point of view, I think it's rather correct to make a difference between Joomla Admin and Super Admin of the server or online hosting. You were right to ask for this clarification.


Although the only way to truly make it not accessible by an admin, as you also mentioned, is by encrypting the data to the database so it comes out to be an md5 hash rather than a text note or something along these lines.


Yes, it's correct again.
I did not enough developed this point.

Of course, it is md5 hashed, it will also be displayed hashed in the Frontend for the author of the note. Which is relatively embarrassing :huh:

The idea is to get a small button inside the Module which will call and additional module like, let's say a kind of PGP addon, which would decipher the cryptic code and display the correct and 'normal' text of the person with the use of a secret key.

OK, this possibility is far to be trivial. And needs a lot of development.

I just point this possibility or at least feature because I do believe that Privacy matters on the Internet.
And also that there is a huge market for this kind of feature for accounting companies, audit, or any organization interested by getting a knowledge management tool for its employees but which want to restrict access to tech people.

My two cents ;)
  1. more than a month ago
  2. Wishlist
  3. # 4
Daniel Dimitrov
Support team
Accepted Answer Pending Moderation
Have a look at the new version. You can now configure who is able to access the component
https://compojoom.com/downloads/official-releases-stable/cnotes-make-a-note/cnotes-1-1
docs:
https://compojoom.com/support/documentation/cnotes/ch03#idp58432

maybe this will answer some of your privacy concerns.
Daniel
Please if you use our extensions be so kind and review them at JED
Matukio | Hotspots Pro | CComment Pro
  1. more than a month ago
  2. Wishlist
  3. # 5
Accepted Answer Pending Moderation
Hi Daniel,

Thank you for your info.
And once again congratulations for your work.

I have installed the new version in a site under development.
It's running ok.
I just had a problem when testing it as a registered user.
I edited the note on a page and when it disappeared on this page
just after I saved the edit.
I had to disconnect and connect again to see the note and the modification done.
It was on Chrome.

Also, I have seen and tested the permission settings.
Yes, restricting the access to the component is a good point.
Now Super admin can set a fine settings for registered and admin users.

Just a point. For me, the super admin should not be able to edit the notes.
If the CEO of a company left a note on a page, I don't think that the Admin of the
Joomla site should be allowed to erase it.
And to me, he should even not be allowed to read it. ;)

But you are working in the good direction.
I still see a huge potential for this module.
I am going to leave a comment on extensions.joomla.org.

Good continuation.

Best regards
  1. more than a month ago
  2. Wishlist
  3. # 6
Daniel Dimitrov
Support team
Accepted Answer Pending Moderation
I just tested it on chrome and I couldn't confirm the disappearing problem. The super admin on a joomla website is able to do whatever he sees fit. It doesn't matter if you change the create permission to forbidden - it will still be allowed (correct me if I'm wrong)
With that said - you should have only 1 super admin on a site -> 1 person should have full access to everything. Everyone else should be an administrator or a user group that is similar to administrator. What is the point of having the CEO of the fictional company MilkCorp be a super admin on the site? Obviously he only knows about milk and nothing about websites. What he needs to have when he logs in are stats about sales, a window to type an article and that is all... (look at adminpraise - we've done some kinda cool stuff with Kyle there)

Cheers,
Daniel
Please if you use our extensions be so kind and review them at JED
Matukio | Hotspots Pro | CComment Pro
  1. more than a month ago
  2. Wishlist
  3. # 7
Accepted Answer Pending Moderation
I just tested it on chrome and I couldn't confirm the disappearing problem.

I am glad. I just mentioned this to let you know that I had this problem.
I had the same problem in the previous version.
It's maybe due to my specific version of Chrome running on Ubuntu.



The super admin on a joomla website is able to do whatever he sees fit. It doesn't matter if you change the create permission to forbidden - it will still be allowed (correct me if I'm wrong)

You are totally right. This is why I explained my point of view in previous posts on a (very :huh: ) complex way to crypt data for a total confidentiality.


With that said - you should have only 1 super admin on a site -> 1 person should have full access to everything. Everyone else should be an administrator or a user group that is similar to administrator.

I agree again. That's good practice.
Just be sure to let somewhere, in safe place, the password and login in case the Super Admin had a health problem or worst ... This happens.


What is the point of having the CEO of the fictional company MilkCorp be a super admin on the site? Obviously he only knows about milk and nothing about websites. What he needs to have when he logs in are stats about sales, a window to type an article and that is all...

You are correct again.
I think I was not enough clear.
The point is not to get the CEO able to log as a Super Admin in a site.
Indeed it has no interest and it is not his job.

Which bugs me (a little) is that the Super Admin can see the notes of the CEO.
Let's say that the CEO writes somewhere, caricaturing a little :
'Merge with MilkEnglishCream Corp and Fire all the guys of my IT department".
That could be embarrassing :oops:

Or he just can info about possible IPO on another company.
That's sensitive information.

But as the component is free, thanks again, it's a minor point.
Even if I still believe that a paid version with such feature would
be searched and appreciated by a lot of IT people.


(look at adminpraise - we've done some kinda cool stuff with Kyle there)

I have taken a look.
It is very interesting and clean.
It will sure be very helpful for people who are not tech oriented.
Just a point, on http://demo.adminpraise.com/, with the frame embedded
when I select the AdimPad Premium, I've got this error message.
500 - An error has occurred.
And with AdminPraise2 Premium, I've got
Database Error: Unable to connect to the database:Could not connect to database.

But it works well with AdminPraise3 Premium.

I let a comment on extension.joomla.org about the Cnote component.

Thank you for your work.

Cheers,
Alpharis
  1. more than a month ago
  2. Wishlist
  3. # 8
  • Page :
  • 1


There are no replies made for this post yet.
However, you are not allowed to reply to this post.

Last questions

Comment input field is not displayed
If I want to leave a comment on a post, I click on the button and a new page wit...
2 Replies
Posted on Friday, 20 December 2024
  • New
  • HotSpots Pro 6.0.12 crashes on FrontEnd with Conso
    Hi there, Not sure what happened but all of a sudden nothing shows up and giv...
    3 Replies
    Posted on Wednesday, 11 December 2024
    CComment - field - website address
    Hello In previous versions of CComment, it was possible to enable a field in ...
    0 Replies
    Posted on Saturday, 14 December 2024
  • New
  • Profile image for admin not showing
    Hi, profile image for administrator is not showing in comment. https://www.hu...
    0 Replies
    Posted on Friday, 13 December 2024
    How can I integrate the CComment input field into
    I’ve created com_content and a module for displaying the latest comments, which ...
    3 Replies
    Posted on Friday, 06 December 2024
    • #CComment
    • #comments
    • #module
    • #comments editor
    • #Ccomment Pro
    • #Joomla 5