Avoid IP leakage in traces

Question

Avoid IP leakage in traces

Closed this issue 7 years ago · 3 comments

emanuelb commented 7 years ago

The following issues that has stack-traces contain 'Client IP' field
#157
#142
#141
#134
#150

fix:

if possible don't store client IP (is it needed/used?)
if IP information is needed/stored, consider masking(remove latest 2 bytes)/hashing it in logs/traces.

Answer 1 · 2017-07-01T06:22:59.000Z

It's not really needed, it's coming from standard CakePHP logging.

Answer 2 · 2017-07-01T06:24:45.000Z

I've removed it from the issues. On the other side, there are many logs on the web server which will store the IP address, so I don't think this is worth addressing besides taking care of not disclosing them when creating issues on GitHub.

Answer 3 · 2017-07-01T09:13:58.000Z

The webserver IP storage in logs can be addressed also by general solutions to IP logging:

not log IPs.
Log masked values (2 bytes stripping is recommended) see: https://piwik.org/docs/privacy/#step-1-automatically-anonymize-visitor-ips
Hashed values (preserve same IP detection always) or encrypted-with-throw-away-keys (preserve same IP detection between rotation of encrypted keys, see slides 23-25 in https://www.eff.org/hope9/privacy-tricks)

taking care of not disclosing them when creating issues on GitHub.

it's better to come up with solution that doesn't rely on taking care, such as disabling output of Client-IP in CakePHP traces.

I've removed it from the issues.

👍 here the last remaining issues that contain ClientIP to remove:

#135
#136
#137
#138
#140

non stacktrace error:
#72