Encrypt anonymous users in the database #13
Description
For public signatures, all information in the database is shown on the website. For these, encrypting the database is thus not necessary. Anonymous signatures, however, are currently unencrypted in the database and can be accessed under certain circumstances.
The only people who can view the name and orcid of an anonymous signatory are people who can access the signatory database. A priori, this is only the system administrators (of which there are three on our server). Nevertheless, there is an unlikely possibility that the database could fall in the wrong hands, either as a result of our server or backups being hacked, or by someone accessing the system admin's computer where a copy of the database might be stored. For these cases, it would be useful to encrypt the data entries associated with anonymous signatures.
It is probably not necessary to encrypt the entire database: at a minimum the anonymous signatory's name, orcid, and affiliation should be encrypted.