> > (Moving thread to Infra list as my question is not a legal one) > > What is the proposed hashing anonymizing scheme for the IP addresses? > How can you do this securely? Keep in mind that an attacker can > control some of the hashes in the public logs (by visiting the web > servers with various ip addresses). http://stackoverflow.com/questions/4552566/logging-ip-address-for-uniqueness-without-storing-the-ip-address-itself-for-priv has some ideas, but no great clear answer. http://bug.st/mod_anonstats seems to use md5. I'm assuming the consumer of these logs will process them after they are hashed? In which case we do need to make sure the same ip hashes to the same hash ? Or could we process them first, then hash the ip before making the data public? kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
