Annexe F

Security Features

CallWeb incorporates several layers of security features. They are reviewed in this section.

| Features | Explanation |
| --- | --- |
| Minimum direct availability | |
| Erasing .scw files | Questionnaire script files are openly readable text files. Because they temporarily reside in the project directory, they represent a security risk: someone getting hold of a file would know about the nature of the project. It is good practice to delete, rename or move the .scw files once they have been compiled. The compiled .qcw questionnaire is not in a readable format. |
| No access to MySQL | In principle, the MySQL server should not serve connections from outside the local computer. This way, only local users with MySQL accounts can access CallWeb data. |
| No data in HTML pages | CallWeb transmits no questionnaire data within its HTML pages — only a case number and an encoded version of the case number, along with the numeric answers provided on the current page. Even if questionnaire pages were intercepted, no personal data would be communicated. |
| No project directory in URLs | The location of the project directory is not revealed by the URL used to fill out the questionnaire. This way, hackers cannot determine which directory could be the target of their attacks. |
| Access control | |
| Questionnaire access | Access to complete a questionnaire can be password-protected so that only those issued a password can provide data, and they can answer only once. |
| Passwords for utilities | Access to project data by utility programs can be password-protected. Three levels of passwords are available: to access the utility directory (managed by Apache), to read the data and to modify the data. |
| Utility directories | The master utility directory typically contains all of the available utility programs. Other utility directories can be created with a subset of programs to limit what some individuals can do or which data they can access. A pound instruction (# Visible from) also exists to specify which utility directory (other than the master directory) can have access to a given project. This way, the CallWeb administrator can contain access to data by function and by data set. |
| Data integrity | |
| Lossless page navigation | Questionnaire respondents cannot lose data: whether they proceed forward with the questionnaire, backtrack using the CallWeb button or the browser button, change language part-way through or even close the browser session altogether, data is always secured up to that moment — to the extent that it has been transmitted to the server, obviously. |
| Lossless structural modifications | Any structural modification can be implemented part-way through data collection: addition of questions, deletion of questions, modifications to skip patterns, moving questions, adding open-end parts, etc. No data will be lost in the process (except if one deletes a question containing data, obviously). |
| Tab-delimited back-ups | CallWeb offers a tool to back up data to a tab-delimited file which can easily be used to repopulate a project in the event of a catastrophe. Back-ups can be performed up to once an hour. They can be left in the project directory or e-mailed (a more secure option since no data is left in the project directory). |
| Encoded case number | When an HTML response page is sent to the server, the corresponding CallWeb case number is sent along to tell the system which data record to update. An encoded version of that case number is also sent so that a hacker could not modify the case number and update someone else's record. If this were attempted, the lack of correspondence between the case number and its encoded version would interrupt the system. |
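
The "No access to MySQL" row can be checked against the server's option file. The following is an added example, not CallWeb code: it reads the [mysqld] section and reports any setting that lets the server listen beyond the local computer. The function names and sample option files are constructed for illustration; bind-address and skip-networking are standard MySQL options.

```python
# Added example (not CallWeb code): flag MySQL option-file settings that let
# the server accept connections from outside the local computer.
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_section(text, section="mysqld"):
    """Collect options of one [section]; '-' and '_' are interchangeable."""
    opts, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop '#' comments
        if not line or line[0] in ";!":          # ';' comment; '!include' is not followed
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif current == section:
            key, _, value = line.partition("=")
            opts[key.strip().lower().replace("-", "_")] = value.strip().strip("'\"")
    return opts

def audit_mysqld(text):
    """Return findings; an empty list means the listener is local-only."""
    opts = parse_section(text)
    flag = opts.get("skip_networking")
    if flag is not None and flag.lower() not in ("0", "off", "false"):
        return []                                # TCP/IP disabled, socket only
    addr = opts.get("bind_address")
    if addr is None:
        return ["bind-address not set: server default applies, verify it is loopback"]
    remote = [a.strip() for a in addr.split(",") if a.strip() not in LOOPBACK]
    return [f"bind-address exposes {a}" for a in remote]

# Constructed sample option files.
WEAK = "[mysqld]\nport = 3306\nbind-address = 0.0.0.0  # all interfaces\n"
HARDENED = "[mysqld]\nport = 3306\nbind-address = 127.0.0.1\n"
SOCKET_ONLY = "[mysqld]\nskip-networking\n"

if __name__ == "__main__":
    for name, cnf in (("weak", WEAK), ("hardened", HARDENED), ("socket", SOCKET_ONLY)):
        print(name, audit_mysqld(cnf) or "local-only")
```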
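
The "Encoded case number" row describes a correspondence check between a case number and its encoded version. The page does not say how CallWeb computes the encoding, so the following added example (not CallWeb code) shows one way to build such a check, assuming a keyed HMAC-SHA256 digest and hypothetical field names case and case_code.

```python
# Added example (not CallWeb code): bind a case number to a server-side secret
# so that a modified case number no longer matches its encoded version.
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"   # assumption: secret known only to the server

class TamperedCaseNumber(Exception):
    """Case number and encoded version do not correspond."""

def encode_case(case_number, key=SERVER_KEY):
    """Keyed digest of the case number (HMAC-SHA256, an assumed choice)."""
    return hmac.new(key, case_number.encode("utf-8"), hashlib.sha256).hexdigest()

def issue_page(case_number):
    """Hidden fields sent with a questionnaire page: no respondent data."""
    return {"case": case_number, "case_code": encode_case(case_number)}

def accept_submission(form, records, key=SERVER_KEY):
    """Update the record only if the case number matches its encoded version."""
    case = form.get("case", "")
    code = form.get("case_code", "")
    expected = encode_case(case, key)
    # Constant-time comparison on bytes avoids leaking how many characters match.
    if not hmac.compare_digest(expected.encode("ascii"), code.encode("utf-8")):
        raise TamperedCaseNumber(f"rejected submission for case {case!r}")
    if case not in records:
        raise KeyError(case)
    answers = {k: v for k, v in form.items() if k not in ("case", "case_code")}
    records[case].update(answers)
    return records[case]

if __name__ == "__main__":
    records = {"1042": {}, "1043": {}}            # constructed sample data
    form = dict(issue_page("1042"), Q1="3")       # respondent answers Q1
    print(accept_submission(form, records))
    forged = dict(form, case="1043")              # case number altered, code unchanged
    try:
        accept_submission(forged, records)
    except TamperedCaseNumber as exc:
        print("blocked:", exc)
```

Without the server key, a valid encoded version for another case number cannot be computed, which is what makes the mismatch detectable.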
