New doc: GDPR support in ASP.NET Core #6516

Merged
merged 10 commits into from
May 23, 2018

Rick-Anderson
Contributor

@Rick-Anderson Rick-Anderson commented May 21, 2018

@Rick-Anderson Rick-Anderson changed the title Gdpr/ra WIP: GDPR May 21, 2018
@Rick-Anderson Rick-Anderson changed the title WIP: GDPR GDPR May 22, 2018
@Tratcher
Member

Recommended Ordering:

  • CookiePolicyOptions and UseCookiePolicy
  • _CookieConsentPartial.cshtml partial view
  • Privacy.cshtml
  • Essential Cookies
  • Tempdata & Session cookies
  • Identity
    o Download
    o Delete
    o Encrypt
    o Etc..

@Tratcher Tratcher requested review from Tratcher and HaoK May 22, 2018 16:14

## Essential cookies

If tracking is disabled, only cookies marked essential are sent to the browser. The following code makes a cookie essential:
Member

If consent has not been given...

@blowdart
Contributor

Don't mention encryption until I have a sample I'm happy with. We'll use that to create a document all on its own. You could, however, add a paragraph like the following:

Some databases or storage mechanisms allow for encryption at rest, encrypting your stored data with no work needed for any software that accesses the data. This is, by far, the easiest and safest option: let the database manage keys and encryption for you. For example, Microsoft SQL and Azure SQL provide Transparent Data Encryption (TDE), and Azure has encrypted SQL database by default since May 2017, as well as encrypting blobs, files, tables and queue storage since August 2017. For databases that don't provide built-in encryption at rest, you may be able to use disk encryption, such as BitLocker, to provide the same protections. Linux has encrypted file systems such as eCryptfs and EncFS.

@blowdart
Contributor

Should we highlight that the delete and download only touch the default identity data, and need to be extended out as soon as you start storing other things? Also mention cascading deletes - https://github.com/aspnet/Identity/issues/1797#issuecomment-391052520

@HaoK HaoK requested a review from blowdart May 22, 2018 16:38
@Rick-Anderson Rick-Anderson changed the title GDPR New doc: GDPR May 22, 2018
@Rick-Anderson Rick-Anderson changed the title New doc: GDPR New doc: GDPR support in ASP.NET Core May 22, 2018
@Rick-Anderson
Contributor Author

@Tratcher @HaoK @blowdart GDPR ready for final review.

@Rick-Anderson Rick-Anderson merged commit 26c7934 into master May 23, 2018
@Rick-Anderson Rick-Anderson deleted the GDPR/ra branch May 23, 2018 03:09