How do we authenticate a user in a Rasa bot, as in user identification and authenticating … If I create a custom action and get some details, can I secure them in any way to avoid a data breach? As all that the user types will be stored in the db. Also, via Rasa X I can see the conversation as well, though anonymously …
Also via Rasa X I can see conversation as well though anonymously
Rasa X currently does not scrub sensitive data or anonymise data.
How do we authenticate a user in Rasa bot as in user identification and authenticating
That should either be done
- before the user sends a message to the bot
- as part of a custom input channel
- as part of a custom action
Maybe you can describe your infrastructure / flow a bit so I can get a better picture of the situation.
Suppose I have to make a financial bot where I ask my user all those little details. Currently, via the website, people put in their CVV, card, and PIN or whatever when they make a transaction; suppose I want the bot to take care of this.
- Is it advisable to involve a bot in this scenario? Because it will help with a lot of manual work.
- How will I protect user data and his identity when he makes this transaction? As in, via Rasa X I can see every conversation that happens in a channel; it's not hard for a hacker to get hold of sensitive info if passed via the bot.
Very good point. The problem is that it's very hard to scrub all personal information with 100 percent certainty, especially since some of the information is required in some follow-up turns within a conversation (which means we have to store the information at least for a short time). I'd say there are two possible approaches:
- delete the data as soon as it's no longer required (e.g. by implementing a custom tracker store and / or custom event broker)
- make sure only authorized persons can access the data, which means:
  - securing the database
  - securing the API
  - allowing access to Rasa X only for authorized team members or use Rasa Enterprise, which comes with role-based access control
So you can definitely use a Rasa assistant for this use case, but you need a good concept of when and where this sensitive information is exposed.
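As an added example (not part of the original posts and not Rasa's own code), this is the kind of scrubbing step a custom tracker store or event broker, as suggested above, could apply to each event before writing or publishing it. The slot names, the mask string and the event dictionary layout (`event`, `text`, `parse_data`, `name`, `value`) are assumptions for illustration; wiring it into Rasa is left to the deployment.

```python
import copy
import re

# Hypothetical slot/entity names; use whatever your domain defines for payment data.
SENSITIVE_SLOTS = {"card_number", "cvv", "pin"}
MASK = "[REDACTED]"
# 13-19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so order ids or phone numbers are not masked by mistake."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pans(text):
    """Mask Luhn-valid card numbers in free text; other values pass through."""
    if not isinstance(text, str):
        return text
    def repl(match):
        digits = re.sub(r"\D", "", match.group())
        return MASK if luhn_ok(digits) else match.group()
    return PAN_CANDIDATE.sub(repl, text)


def scrub_event(event: dict) -> dict:
    """Return a scrubbed copy of one serialized event; the input is not modified."""
    ev = copy.deepcopy(event)
    kind = ev.get("event")
    if kind == "slot" and ev.get("name") in SENSITIVE_SLOTS:
        ev["value"] = MASK
    elif kind in ("user", "bot"):
        if "text" in ev:
            ev["text"] = mask_pans(ev["text"])
        parse = ev.get("parse_data") or {}
        if "text" in parse:
            parse["text"] = mask_pans(parse["text"])
        for ent in parse.get("entities", []):
            # Short codes (CVV, PIN) are only recognisable by entity/slot name.
            named = ent.get("entity") in SENSITIVE_SLOTS
            ent["value"] = MASK if named else mask_pans(ent.get("value"))
    return ev
```

A CVV or PIN typed into free text without being extracted as an entity or slot is not caught by this, which is the "100 percent certainty" problem the reply describes.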