Community Help

galyenk · ‎01-24-2016

I downloaded the requests table in Canvas Data. I have only one day's worth of data in the requests table, but I am assuming that I need to request the historical dump of our data, is that right? That said, within the requests table I get "query_string_redacted" on quite a few of the URLs. Is this normal? Or is it an error?

ccoan · ‎01-25-2016

Hello Krista,

As for the historical data, yes you'll need to make a request for historical back fill. This can be done through Canvas Support.

As for "query_string_redacted" this is a completely intended feature of Canvas, and how it's data is stored in the requests DB. Query string redacted is put in place whenever a query string contains an authentication token. This is very important from a security perspective from multiple reasons here are three major ones:

1. Requests are actually stored in a different database application than the normal data (which is postgres). PostgreSQL is the High performance DB Application, however Cassandra (the leading NoSQL Storage system) has many features valuable to the requests table. Especially considering how huge the requests table can be. It also prevents a requests table query from slowing down normal postgres queries which function everywhere else in the application. As such splitting up the access rights is a must. Say in the most horrible of solutions Cassandra has a security vulnerability, it is impossible to get access information from Cassandra, to then take over user accounts. Obviously this is an extreme scenario, but it doesn't need the access tokens stored. The fewer places it's stored (even if it's stored securely) the better.

2. If page views ever had a bug/new feature where it should new queries, we wouldn't have to check to make sure it didn't leak any access tokens. It will always not leak access tokens since they're redacted. It creates a safeguard for non-leaking of authorization tokens.

3. Instructure from a sales perspective occasionally likes to run anonymized usage reports (and by occasionally I mean frequently), obviously this is agreed to by the school in some sense, either in the initial sign up of canvas, or in some other method; however this prevents sales employees (who do not have access to others accounts, even though they are internal because they don't need access), can't get access to accounts by making these queries/graphs.

The basic point of these redacted messages is part of a security push. Basically "Don't store tokens where they don't need to be (regardless if they're stored securely)", "Don't give people access to tokens who don't need it".

View solution in original post

ccoan · ‎01-25-2016

Hello Krista,

As for the historical data, yes you'll need to make a request for historical back fill. This can be done through Canvas Support.

As for "query_string_redacted" this is a completely intended feature of Canvas, and how it's data is stored in the requests DB. Query string redacted is put in place whenever a query string contains an authentication token. This is very important from a security perspective from multiple reasons here are three major ones:

1. Requests are actually stored in a different database application than the normal data (which is postgres). PostgreSQL is the High performance DB Application, however Cassandra (the leading NoSQL Storage system) has many features valuable to the requests table. Especially considering how huge the requests table can be. It also prevents a requests table query from slowing down normal postgres queries which function everywhere else in the application. As such splitting up the access rights is a must. Say in the most horrible of solutions Cassandra has a security vulnerability, it is impossible to get access information from Cassandra, to then take over user accounts. Obviously this is an extreme scenario, but it doesn't need the access tokens stored. The fewer places it's stored (even if it's stored securely) the better.

2. If page views ever had a bug/new feature where it should new queries, we wouldn't have to check to make sure it didn't leak any access tokens. It will always not leak access tokens since they're redacted. It creates a safeguard for non-leaking of authorization tokens.

3. Instructure from a sales perspective occasionally likes to run anonymized usage reports (and by occasionally I mean frequently), obviously this is agreed to by the school in some sense, either in the initial sign up of canvas, or in some other method; however this prevents sales employees (who do not have access to others accounts, even though they are internal because they don't need access), can't get access to accounts by making these queries/graphs.

The basic point of these redacted messages is part of a security push. Basically "Don't store tokens where they don't need to be (regardless if they're stored securely)", "Don't give people access to tokens who don't need it".

galyenk · ‎01-25-2016

Got it!! Thanks for the explanation.

Sent from my iPhone

mlewis23 · ‎02-23-2016

This is very helpful. Is there a place in the documentation that explains that the url might be edited for security reasons?

query_string_redacted in Requests Table?

Error running initdb with DAP 1.1

CD1 to CD2 schema mapping document.

Is there a way to translate bash script to Azure w...

CD2 and Course Audit information

Canvas Data 2 Missing Some Learning Outcomes

Incremental query with missing pseudonym entries

Error running initdb with DAP 1.1

Setting up DAP Synchronization in AWS, Fargate or ...

Canvas Data 2 Schema Out of Sync?

(Canvas Data 2) Is it possible to scope on SubAcco...

You're signed out

query_string_redacted in Requests Table?

Community Help

View our top guides and resources: