The purpose of this checklist is to highlight some issues, both coding and statistical, which need to be considered when either developing or auditing an analysis package.
- Ensure only intended methods are in “AggregateMethods” and “AssignMethods” sections of DESCRIPTION (or inst/DATASHIELD) file.
- Ensure that values which are “eval”ed are thoroughly checked before the eval is performed.
- When splitting a client side operation into two phases on the server side, ensure that intervening operations can't …
- Don't rely on Client side error checking …
- Tidy up intermediate objects that are created on the server side and not needed for the result to avoid accidental leakage from those objects
- If you are repackaging an existing function from another package, have you reviewed the object returned by that function and removed any disclosive content? Some functions return the data they used for a calculation, which would be very disclosive!
- What existing disclosure thresholds do you use (e.g. minimum cell size) and what new settings do you introduce?
-