smd_access_keys: secure, limited access to content

planeth · 2018-05-08 09:07:20

Hello Stef,

I tried to install your last release: smd_access_keys v0.20-beta.1 on a Textpattern version: 4.7.0-beta.3

I get this error :
ERROR 1071 (42000): Specified key was too long; max key length is 1000 bytes

But I also see you have other commits which are more recent.
Did you correct this error in these last commits?
I’m being lazy here :) Need to re-compile before install …

Update: I compiled and install the last version. Error still here.

Last edited by planeth (2018-05-08 09:13:59)

jakob · 2018-05-08 11:40:40

Planeth, this may or may not be relevant: I encountered that error for the first time just recently when upgrading an older txp version (though not with smd_access_keys). I had proactively updated the table collations to utf8mb4 before upgrading and couldn’t continue. It worked when I started over with my backup and updated the collations after the upgrade had been successful.

planeth · 2018-05-08 13:05:55

Well, Jakob, since it’s a new website, the tables were created by Textpattern with the utf8mb4 collation. So, not sure what to do ATM.
Would this mean that the error is tied to the collation type?

Bloke · 2018-05-08 13:17:53

planeth wrote #311639:

Would this mean that the error is tied to the collation type?

Yes, specifically multi-byte. The page (255) + t_hex (17), multiplied by 4 for the utf8mb4 collation is > 1000, hence bang.

Try this in the CREATE TABLE statement when defining the index (around line 1053 in the PHP file):

PRIMARY KEY (page(100),t_hex)

That should improve things. If it does, let me know and I’ll patch the code accordingly.

Sorry for the hassle.

planeth · 2018-05-08 18:35:08

Thanks, Stef, I’ll look into that next week.
Heading to London to talk about GDPR ;)

Bloke · 2018-05-08 20:45:40

planeth wrote #311644:

Heading to London to talk about GDPR ;)

Cool. If you’d said earlier I’d have factored in a trip to London to meet up for a drink. Have fun!

planeth · 2018-05-09 06:38:25

Bloke wrote #311647:

Cool. If you’d said earlier I’d have factored in a trip to London to meet up for a drink. Have fun!

Too bad :( I confess that I forgot that Textpattern folks are in UK

saccade · 2018-05-18 19:19:07

Hi,
any expert on double-opt-in in GDPR around?
I need that urgently and as far as I understand, for GDPR-compliance we should exactly log when and from which IP someone opted in.
On the other hand txp 4.7 doesn’t automatically log IPs (which I regard as good).
So now I’m a little confused how to have an elegant double-opt-in with txp.

anyone with experience and helpful advice?

best regards
Michael

Last edited by saccade (2018-05-18 19:19:33)

jakob · 2018-05-18 20:09:13

Hi Michael,

I know double opt-in in the context of a newsletter sign-up to ensure consent really comes from the email recipient. That’s been standard practice for a while now and is not new with GDPR. Is that what you mean?

Or is this specifically in combination with smd_access_keys and protected content (as you posted in this thread)? If so, please explain.

I’ve not heard of double opt-in being necessary for a regular site visit. Consent only needs to be sought before collecting and processing personally identifiable information. In practice, that is mostly cookies, viewers, social plugins, logging and the like. Up to now implied consent for cookies has been common practice (“You agree to cookies if you continue to surf this site”), i.e. cookies are used unless the user explicitly refuses them. The German data protection authorities suggested last month in a Positionspapier (PDF) that explicit opt-in will be required to use cookies (i.e. cookies cannot be set until the user clicks “accept”), but that advice comes very late and I guess the last word’s not been said on that.

Either way, if it’s any help, you can use my fork of jQuery cookiebar plugin which I slightly adapted so that it can be used for implied or explicit opt-in scenarios.

saccade · 2018-05-18 20:16:23

Hi Jakob,
yes essentially newsletter sign-up is one of my main interests.

Provoding a link to the website for the second opt-in is what I want to do.
But what’s happening then, when the email recipient signs up?
Does the link generate another mail to me?
Or does it register consent within the database?
Where can I check this, if so?
And what about IP and so on?

jakob · 2018-05-18 20:17:45

If you do mean double opt-in for email, you’ll need a system that supports that, e.g. before the email address is added to the newsletter system, the future recipient must confirm via a link in the email that he/she really wishes to receive emails. I suppose if you have a home-grown email newsletter system, you might be able to achieve this by sending out an access key, then logging when it is used.

As far as existing email newsletter recipients are concerned, I believe double opt-in is not necessary, only re-consent (e.g. confirmation), so that you have a record of them saying yes. You could probably achieve that by the same method.

EDIT: Our mails crossed.

saccade · 2018-05-18 20:29:16

Thanks!
I’m in a area of pastoral care sites which have to follow slightly stricter rules than GDPR/DSGVO (there are special laws which adapt DSGVO for catholic and protestant churches).
And of course it’s in our own interest to grant a high level of privacy and trust and so we want to sort out use of other addresses. Also we need to make sure that no other person can for example fill an application for some event.

Sending out an access key and logging when it is used is exactly what I’m after.

But I have no clue how exactly this logging happens.
And at least also this logging has to be in compliance with GDPR-Rules of documentation.

Last edited by saccade (2018-05-18 20:34:03)

Textpattern CMS

Textpattern CMS support forum

#109 2018-05-08 09:07:20

Re: smd_access_keys: secure, limited access to content

#110 2018-05-08 11:40:40

Re: smd_access_keys: secure, limited access to content

#111 2018-05-08 13:05:55

Re: smd_access_keys: secure, limited access to content

#112 2018-05-08 13:17:53

Re: smd_access_keys: secure, limited access to content

planeth wrote #311639:

#113 2018-05-08 18:35:08

Re: smd_access_keys: secure, limited access to content

#114 2018-05-08 20:45:40

Re: smd_access_keys: secure, limited access to content

planeth wrote #311644:

#115 2018-05-09 06:38:25

Re: smd_access_keys: secure, limited access to content

Bloke wrote #311647:

#116 2018-05-18 19:19:07

Re: smd_access_keys: secure, limited access to content

#117 2018-05-18 20:09:13

Re: smd_access_keys: secure, limited access to content

#118 2018-05-18 20:16:23

Re: smd_access_keys: secure, limited access to content

#119 2018-05-18 20:17:45

Re: smd_access_keys: secure, limited access to content

#120 2018-05-18 20:29:16

Re: smd_access_keys: secure, limited access to content

Board footer