You should make sure that your sql:sanitize command clears out all user identifiable information. One thing to note is that the username is still present, this allows you to log in as those users without completely clearing all of their data, which is useful when running testing in testing environments. Take a look at your database once this process is completed and you will see the same structure in place, but with little or no identifiable information in place. user_field_user_name table sanitized.įrom the above output you can also see that comments and sessions have also been sanitised. Comment display names and emails removed. Here, I have a field called field_user_name that the command has reported on clearing out, along with the passwords and name for the users. Letting this command run it will produce output like this. The new versions will auto-detect the text based fields associated with the user and anonymise them. In Drupal 7 this used to be a laborious task as you would need to write custom commands to remove data from all user fields. Thankfully the sanitisation of user fields in Drupal 9 is baked into the command. * Sanitize text fields associated with users.ĭo you want to sanitize the current database? (yes/no) : * Remove comment display names and emails. The following operations will be performed: Drush will intelligently adapt to the modules you have installed, so if you have the comment module enabled it will include that in the things to be sanitised (hence it's inclusion in the example below). If you run this command it will show you a list of the things that it will sanitise during this process. This comes with Drush and should be available out of the box.
If you are using Drupal 9 and Drush then you can sanitise your data easily using the sql:sanitize command. You want your users to have confidence in your abilities to protect their data and sanitisation allows you to keep their user data only on your production environment (and any production backups). Sanitisation is important from a data security point of view as you do not want any user data leaking out from your development (or testing) platforms. Things like name, address, company or even gender should all be sanitised. You would assume that this means removing passwords and email addresses, but it also includes any fields you might have added to the user that might contain information. This means to remove all user identifiable information from the database. When copying a database from your production environment to your dev or local setup you should probably be sanitising it.
0 kommentar(er)
