User object privacy (encryption)
As discussed in various occasions, user objects at the platform, despite not accessible anymore by admin/staff users via the web GUI, are still accessible on disk by administrators.
We must setup a scheme to get rid of this "bug" as the trust on the platform itself depends on how well we can keep our users' information.
Here is a suggestion to get the ball rolling:
- Stored objects have declaration, code and documentation (files) encrypted using the user's password
- At execution, the complete experiment tree is passed to the scheduler, unencrypted, which relies solely on it (and not any longer on information on disk) to execute the experiment.
- How to deal with shared objects (public objects should be left unencrypted, I guess, but privately shared ones are not that clear)? Maybe we'll need to duplicate objects at sharing time.
- How to effectively implement this?
- The scheduler would have no longer to verify the hash of submitted experiments.