SharePoint Suvey - Security Questions
Hi folks, I work for government and we have all sorts of security to go through, to protect peoples' privacy. I'm looking to create a survey using SharePoint to gather information from a focus group. I created a simple survey that does not show names in the results. Simple enough, but now I'm being asked if SharePoint tracks the IP addresses of people that go to the survey and if so, how safe and secure is it? Or is there a way that someone can trace back an IP address to an individual that participated in the survey? Anyone with experience on this happen to know?
July 13th, 2011 3:19pm

The SharePoint survey itself does not store or track the IP address to my knowledge. The SharePoint site does look at the IP address and store IP addresses for the purpose of seeing if this is a unique user. However, on the server itself that hosts SharePoint you can see timestamped logons with username, IP, computer name, etc. BUT it would be EXTREMELY difficult to track what they did and where on SharePoint looking at this log unless you have very few users that rarely sign on. (this is in IIS Log, and in Security log). For instance, in an environment of approximately 200 people there's ~4 entries per SECOND - and remeber it just means they logged on somewhere in the site. One other thing I'd like to mention is that anyone who has rights to the survey higher than Contributor (meaning Design rights and above) can modify the settings of the survey - if everyone submits their answer and a highly privileged user modifies the settings to show user names those names will now appear. But, as long as you make sure only trustworthy people have this power, then it's completely fine to do it this way. If you want a survey to be truly anonymous I give out the same username to everyone and have them complete the survey using that (i.e. username = SurveyTaker; Password = Survey1). You would need to allow multiple responses on the survey and hide the results so that they can't edit existing submissions.
Free Windows Admin Tool Kit Click here and download it now
July 13th, 2011 4:52pm

Hi, Regarding the access , it will be accessed only by the people to whom you have provided access. If you want to know the IPs then you need to analyze the IIS logs for the webApplication holding this survey. If you have multiple WFEs then you need to anylyze the logs from each WFE. In an aleternative way configure your load balancer to send requets for the site holding the survey to only one WFE. In this way your efforts will be minimized. I hope this will help you out. Thanks, Rahul Rashu
July 13th, 2011 7:08pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics