+ 4

[Solved] How do I protect the privacy of users without breaking my program?

I am using Django for a current project and some future ones and one of the features I wanted to implement was to give the user the ability to delete their account in full. But as I was researching how to do so properly, Django's official docs actually says, "We recommend that you set [the 'is_active'] flag to False instead of deleting accounts; that way, if your applications have any foreign keys to users, the foreign keys won’t break. Here's a link to the docs: https://docs.djangoproject.com/en/dev/ref/contrib/auth/#django.contrib.auth.models.User.is_active Is there any way I can prevent a Foreign Key disaster while still allowing the user to delete their account? The ability for users to have agency over their own data and to have it completely destroyed is very important to me especially since my next project deals with repoductive health.

26th Apr 2023, 10:35 AM
Justice
Justice - avatar
10 Respuestas
+ 7
Justice using models.cascade has no security flaws, the only concern is whether you want to let go of all the related content which you are okay with so in your case you can use models.cascade
26th Apr 2023, 11:39 AM
Anonymous
Anonymous - avatar
+ 4
The short answer is to add models.CASCADE to foreignkey references of the user. What this does is when a user is deleted every object with a foreignkey reference to that user also gets deleted
26th Apr 2023, 10:49 AM
Anonymous
Anonymous - avatar
+ 3
Justice Few reasons are To keep a clean database by preventing gaps in the tables since deleted rows primary keys are not reused For user data this can be used by analytics software used by the Web application for things like recommendation
26th Apr 2023, 11:01 AM
Anonymous
Anonymous - avatar
+ 3
Justice happy to help 😊
26th Apr 2023, 11:57 AM
Anonymous
Anonymous - avatar
+ 3
Bob_Li Tibor Santa My apologies, I forgot to edit the question as solved but I got what I needed from what I marked as best answer. Cascading does what I need it to do (already tested). Though for the messaging feature for the app I am working on currently, placeholders/dummy info sounds like a great idea, so thanks! But otherwise all other features and apps I want to do in the near feature don't have communication with other users, so I have no qualms about doing a complete purge.
27th Apr 2023, 9:54 AM
Justice
Justice - avatar
+ 2
Anonymous I have that already but I was feeling like, if it was already that simple, why wouldn't the Django docs refer to that and instead completely discourage deleting users? I'm quite baffled at that and it's making me nervous LOL
26th Apr 2023, 10:51 AM
Justice
Justice - avatar
+ 2
Anonymous I'm not planning to use analytics software unless it's for finding bugs but I think I can see what you mean. Is this something that only affects the user table though? I had no trouble allowing the user to purge something else. For my current project which is a social network mock, I'm allowing users to purge all their posts at once and it seems fine.
26th Apr 2023, 11:08 AM
Justice
Justice - avatar
+ 2
Anonymous Thanks a bunch! Now I just have to safely figure out how to let a user delete themselves while they're logged in.... I'll probably just have to reverse them back to the homepage after I've logged them out.
26th Apr 2023, 11:54 AM
Justice
Justice - avatar
+ 2
late and probably not helpful, but here is a similar question on SO. https://stackoverflow.com/questions/65365131/letting-users-delete-their-own-accounts-in-django "The main problem with deleting a user is that there are often triggers that will remove all the related data." That might or might not be a problem. Some posts and comments might become messed up, but maybe you could come up with a placeholder explaining that the post or comment was removed and why.
27th Apr 2023, 3:46 AM
Bob_Li
Bob_Li - avatar
+ 2
I think whether or not this could cause a problem, depends largely on your data model. I am not familiar with Django, but in a relational database table you can have a reference to the same table. For example in an employees table, each employee record could have a manager, which is also an employee (a different record in the same table). So cascade deleting all related records of a user, could potentially delete other users or other entities which you meant to keep. However this question also has a legal implication. In the European Union, there is a regulation called GDPR which enforces companies how to handle the personal data of their users or partners. Upon request, such data must be removed. This is a technical difficulity exactly for the reason above, because of the interdependencies in relational tables. So the usual approach is to anonimize it: overwrite the personal info with dummy (redacted) entry, and disable the record. That way the data structure remains intact.
27th Apr 2023, 4:59 AM
Tibor Santa
Tibor Santa - avatar