I cant seam to find any information on how to configure the “Usage statistics” plugin settings.
I wish to anonymize statistics due to GDPR but i cant find any info on how to create the salt file that should be readable by the web server user
Im running OJS 3.x on RedHat Linux.
These are the settings i wish to use:
Data privacy option
To ensure data privacy, you must specify a file readable and writable by the web … ; the function openssl_random_pseudo_bytes, which requires the PHP openssl; the file /dev/urandom, … salt …
File path for the anonymizing salt
Activate this option to use a plugin version that respects privacy legislations, i.e. that is logging hashed IP addresses, informs the users about the tracking and provides an opt-out option for users. Note: when using this option you will not be able to use the geo features of the plugin.
Anonymize usage data. OJS and OMP both have a Usage Statistic plugin that provides detailed metrics on page views and galley file downloads. It also creates and stores log files containing detailed information including IP address, date/time visited, page views, and browser information. This plugin does have a “Respect data privacy” option that will hash IP addresses, and inform visitors that this data is being tracked (with an option to opt-out). More information is available in the following locations:
The salt parameter is a random hash to include in the config.inc.php file. You can create it manually or using some online password generator.
You will need to adjust the parameter in your config.inc.php file:
; The unique salt to use for generating password reset hashes
salt = "YouMustSetASecretKeyHere!!"
I see the issue is solved
Maybe then just to confirm here that the salt in the config.ini is not the same as the salt file needed for usage stats. The salt file for usage stats has to be created by the system admin – it is a text file that should be readable and writable for the web user. The file content will be created automatically and will change daily, so that the hashed IP can not be decrypted.
To see if everything is OK, one could
Generate the file on the server somehow (I don’t know how, or where to store it, etc.)
Provide a full link to the file in the “File path for the anonymizing salt” parameter in the usage plugin
Check the “Respect data privacy” checkbox
After saving the usage plugin settings and after some usage of the web site happened
Check if the salt is in the file and if the IP address in the usage stats log file is hashed
@bozana Thanks! Your solution sounds correct! I used the same file for both which sounded wired. This plugin is not so well documented, maybe i will post a howto when and if everything is working
@bozana Tested you suggestions and it works great!
Created a empty text file (on Linux) with touch /path/file and gave the web server read and write permissions. Added the file to the statistics plugin, then some random surfing on the site it self. A salt was created and everything looks great