用户帐户终止时删除数据的最佳实践
在拥有大量用户生成内容(例如论坛主题、博客评论、提交的文章、私人和公共消息、用户个人资料等)的网站上; 如果用户终止其帐户,如何处理用户生成的数据的最佳实践是什么?
我不是在寻求法律建议,我也不认为这是一个法律问题,而是一个在用户、其他用户和网站之间取得平衡的问题,因为在达到平衡后可以制定使用条款。 用户删除帐户时应考虑以下一些情况:
- 用户之间的私人消息 - 对话轨迹应该是 删除了? 如果是这样,你如何记账 对于合法的骚扰案件 需要证据吗?
- 论坛问题或解答 - 如果 用户提出了一个问题,应该 整个线程被删除? 如果他们 回答一个问题,应该回答 被删除?
我在将用户帐户实施到 CMS 时问这个问题。 我知道 Facebook 最近因使用条款的更改而遇到麻烦,但是如何您是否平衡删除的愿望与其他参与用户的需求和投资?
On a site that has a fair share of user-generated content such as forum threads, blog comments, submitted articles, private and public messaging, user profiles, etc; what is the best practice as far as what to do with the user-generated data if a user terminates their account?
I'm not asking legal advice and I don't view this as a legal question so much as a question of striking a balance between the user, other users, and the site because terms of use can be drawn up after that balance is struck. Some of the following scenarios should be considered when a user deletes their account:
- Private messages between users -
Should the conversation trail be
deleted? If so, how do you account
for cases of harassment where legal
evidence is needed? - Forum questions or answers - If the
user asked a question, should the
entire thread be deleted? If they
answer a question, should the answer
be deleted?
I'm asking this question as I'm implementing user accounts into a CMS. I know that Facebook recently ran into trouble with their changes in their terms of use, but how do you balance a desire to delete with the needs and investment of the other users who also participated?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
一般来说,对于数据库来说,您很少删除任何内容。 您可以将其标记为已删除,但一般来说,您至少将其保留在数据库中一段时间。
这件事情是由很多原因导致的。 其中一些是合法的。 您可能需要在给定时间内保留数据。 其中一些是技术性的。 有时这只是一种保障。 您可能需要恢复信息。 用户可能会请求重新打开他们的帐户,或者可能由于垃圾邮件而被锁定,但那是因为该帐户已被盗用并且现已恢复。
旧数据可能会被删除或存档,但这可能需要数月甚至数年的时间。
就我个人而言,我只是为相关数据提供一个状态列(例如,1 = 活动,0 = 已删除),然后仅更改状态而不是删除它(99% 的情况下)。
数据完整性是另一个问题。 让我举一个例子。
假设您有两个实体:
您想要删除特定用户。 您如何处理他们发送和接收的消息? 这些邮件将出现在其他人的收件箱或已发送的邮件中,因此您无法删除它们。 Message中的相关字段是否设置为NULL? 这也没有多大意义,因为该消息确实来自(或发送给)某人,即使他们不再活跃。
您最好将该用户标记为已删除并保留它们。 它使这种情况和类似情况更容易处理。
您还提到了论坛主题等等。 您也无法删除这些内容(除非有其他原因,例如垃圾邮件或滥用行为),因为它们是与其他内容相关的内容(例如已回复的论坛消息)。
您可以安全合理删除的唯一数据是子数据。 这确实是聚合和组合之间的区别。 上面的User和消息的关系就是聚合。 构图的一个例子是 House 和 Room。 你删除了一个房子,所有的房间都会消失。 没有房子,房间就不可能存在。 这是组合,或者用实体关系术语来说,是父子关系。
但你会发现聚合的实例比组合的实例更多(根据我的经验),所以问题就变成了:你如何处理这些数据? 如果不删除不该删除的东西,就很难抹去某个人的所有痕迹。 只需将它们标记为已删除、锁定或不活动,然后以这种方式处理即可。
Generally speaking with databases you rarely delete anything. You can mark it as deleted but generally speaking you keep it in your database at least for a time.
There are many reasons for this. Some of them are legal. You may have requirements ot keep data for a given period. Some of them are technical. Sometimes its just a safeguard. You may need to restore the information. The user may request their account is reopened or it may have been locked due to spamming but that was because the account had been compromised and has now been restored.
Old data may be deleted or archived but this may take months or even years.
Personally I just give relevant data a status column (eg 1 = active, 0 = deleted) and then just change the status rather than delete it 99% of the time.
Data integrity is another issue here. Let me give you an example.
Assume you have two entities:
You want to delete a particular User. What do you do about messages they've sent and received? Those messages will appear in someone else's inbox or sent items so you can't delete them. Do you set the relevant field in Message to NULL? That doesn't make a lot of sense either because that message did come from (or go to) somebody, even if they aren't active anymore.
You're better off just marking that user as deleted and keeping them around. It makes this and similar situations much easier to deal with.
You also mention forum threads and so on. You can't delete those either (unless there are other reasons to do so such as spam or abuse) because they're content that is related to other content (eg forum messages that have been replied to).
The only data you can safely and reasonably delete is child data. This is really the difference between aggregation and composition. The User and message relationship above is aggregation. An example of composition is House and Room. You delete a House and all the rooms go to. Rooms cannot exist without a House. This is composition or, in entity relationship terms, a parent-child relationship.
But you'll find more instances of aggregation than composition (in my experience) so the question becomes: what do you do with that data? It's really hard to erase all traces of someone without deleting things you shouldn't. Just mark them as deleted, locked or inactive and deal with it that way.
您可以将用户标记为已删除,然后每当您显示涉及该用户的任何内容时,您都会将名称显示为“前用户”或其他名称。
这可以保护离职用户的身份,而不会破坏您的内容。
You could just mark the user as deleted and then whenever you display any content involving that user then you display the name as "Ex-User" or something.
This protects the departed users identity without destroying your content.
您应该保留所有内容并将用户标记为已删除,这样其他用户将无法看到他或她的个人资料、用户名等。然后另一个用户应该能够使用相同的名称注册(因为它应该是免费的)。
You should keep all the content and just mark user as deleted so other users won't be able to see his or her profile, username etc. Then another user should be able to register by the same name (since it should become free).
我已经思考这些同样的问题很长一段时间了。 老实说,如果其他人为此贡献了时间和精力,那么您不应该删除由要删除的用户发起的线程。 我记得在一个论坛上有一条规则,你不能在帖子发布 11 小时后删除你的帖子。 我想背后的想法是,一旦说出的话就不能收回。
因此,最好锁定帐户,但不要级联删除与用户相关的任何内容。
特别是,这样他们就可以删除自己的帐户,然后以相同的名称注册并重新开始。
I've been thinking about these same issues for quite some time. Honestly you shouldn't delete a thread started by a user-to-be-deleted if the other people have contributed their time and efforts to it. I remember on one forum there was a rule you can't delete your thread after somewhat 11 hours after it's been published. I guess the idea behind is that you can't take your word back after you've pronounced it.
So, better lock account but don't cascade-delete anything in relation to user.
Especially, so that they can delete their account, then register under the same name and start it all over again.