[Fedora-legal-list] Making Infrastructure httpd logs public

Kevin Fenzi kevin at scrye.com
Wed Apr 18 15:56:44 UTC 2012


> 
> (Moving thread to Infra list as my question is not a legal one)
> 
> What is the proposed hashing anonymizing scheme for the IP addresses?
> How can you do this securely? Keep in mind that an attacker can
> control some of the hashes in the public logs (by visiting the web
> servers with various IP addresses).

http://stackoverflow.com/questions/4552566/logging-ip-address-for-uniqueness-without-storing-the-ip-address-itself-for-priv

has some ideas, but no great clear answer. 

http://bug.st/mod_anonstats seems to use md5. 

I'm assuming the consumer of these logs will process them after they
are hashed? In which case we do need to make sure the same IP hashes to
the same hash? Or could we process them first, then hash the IP before
making the data public?

kevin
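
One way to get "same IP, same hash" within a published batch, as an added example that is not part of the original message or of any scheme Fedora Infrastructure adopted: a keyed HMAC over the client field, so a visitor who sees the token for their own address still cannot compute tokens for other addresses without the key. The per-batch key, the function names and the sample log lines are assumptions made for this sketch.

```python
import hashlib
import hmac
import ipaddress
import re
import secrets

# Constructed sample lines (Apache common log format, documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Apr/2012:15:56:44 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [18/Apr/2012:15:56:45 +0000] "GET /robots.txt HTTP/1.1" 404 210',
    '192.0.2.10 - - [18/Apr/2012:15:57:01 +0000] "GET /about.html HTTP/1.1" 200 2048',
]

CLIENT_FIELD = re.compile(r"^(\S+)(\s.*)$")  # first field is the client address


def new_batch_key():
    """Hypothetical helper: random secret for one published batch of logs."""
    return secrets.token_bytes(32)


def pseudonymize_ip(client, key):
    """Keyed token for a client address; stable only under the same key."""
    try:
        # Normalise so equivalent IPv6 spellings map to one token.
        client = ipaddress.ip_address(client).compressed
    except ValueError:
        client = client.lower()  # e.g. a resolved hostname in the first field
    return hmac.new(key, client.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def anonymize_lines(lines, key):
    """Replace the client field of each line; drop lines that do not parse."""
    out = []
    for line in lines:
        m = CLIENT_FIELD.match(line)
        if m is None:
            continue  # fail closed: never publish a line we could not rewrite
        out.append(pseudonymize_ip(m.group(1), key) + m.group(2))
    return out


if __name__ == "__main__":
    key = new_batch_key()  # keep private; destroy once the batch is published
    for line in anonymize_lines(SAMPLE_LOG, key):
        print(line)
```

Using a fresh key per batch keeps tokens consistent inside that batch while making them unlinkable across batches; only the first field is rewritten, so other identifying fields in a real log format need separate handling.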