Host cloaking option in addition to %h and %i for username / realname.
voice06 opened this issue · 1 comments
I am in the process of testing this new version of Kiwi and a security concern came up, as the options %h and %i for username and realname would leak a user's Internet address. One of the questions that came up: is there a way to implement cloaking similar to how IRCds handle it, so that these would be predictable for banning purposes but not fully expose a user?
I'm sure many IRCds do this in different ways, but here's one implementation: https://github.com/evilnet/nefarious2/blob/master/ircd/ircd_cloaking.c
Cloaking is down to the IRCd, not the gateway. You would normally not use %h or %i and configure webirc/cgiirc so the user's hostname is passed correctly to the IRCd. The IRCd then cloaks it as normal.
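
Added example, not part of the thread and not code from Kiwi IRC or nefarious2: a sketch of the kind of cloak discussed above, where a keyed hash is applied per address prefix so the result is stable and bannable by subnet without exposing the address. The function names, the `.ip` suffix, the token length and the sample key are assumptions made for illustration.

```javascript
const { createHmac } = require('crypto');

// Constructed sample key. IPv4 has only 2^32 addresses, so an unkeyed hash
// could be reversed by enumeration; the secret key is what prevents that.
const SAMPLE_KEY = 'constructed-sample-key-not-for-production';

// Keyed hash of one address prefix, truncated to a short token.
// Truncation keeps cloaks readable; rare token collisions are possible.
function segment(key, prefix) {
  return createHmac('sha256', key).update(prefix).digest('hex').slice(0, 8);
}

// Cloak an IPv4 address as three tokens: full address, /24 prefix, /16 prefix.
// Same input and key always give the same cloak, so bans stay effective.
function cloakIPv4(ip, key) {
  const octets = ip.split('.');
  const valid = octets.length === 4 &&
    octets.every((o) => /^\d{1,3}$/.test(o) && Number(o) <= 255);
  if (!valid) throw new Error('not a dotted-quad IPv4 address');
  const [a, b, c, d] = octets.map(Number); // normalise "010" to 10
  return [
    segment(key, `${a}.${b}.${c}.${d}`),
    segment(key, `${a}.${b}.${c}`),
    segment(key, `${a}.${b}`),
  ].join('.') + '.ip';
}

// Ban mask matching every cloak that shares the same /24 as the given one.
function banMask24(cloak) {
  const parts = cloak.split('.');
  return `*!*@*.${parts[1]}.${parts[2]}.ip`;
}

// Constructed sample input (documentation address range).
console.log(cloakIPv4('192.0.2.10', SAMPLE_KEY));
console.log(banMask24(cloakIPv4('192.0.2.10', SAMPLE_KEY)));
```

Two users in the same /24 share the last two tokens, so one mask covers both, while the first token still distinguishes individual addresses.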