[EMAIL PROTECTED],
[EMAIL PROTECTED]
Should the open proxy in Shindig forward an X-User-IP header with the
client's IP to servers the client instructs us to contact?
I'm concerned that the open proxy in Shindig will become a vector for
abuse. Sending the client IP will make it slightly easier for the
admins of targeted servers to blame the perpetrator rather than the
Shindig server.
Cheers,
Brian
---------- Forwarded message ----------
From: Kevin Brown <[EMAIL PROTECTED]>
Date: Mon, Feb 25, 2008 at 3:18 PM
Subject: Re: Passing in the client IP
To: [EMAIL PROTECTED]
That's a discussion worth having on the shindig mailing list,
probably, but it's a different issue than what I think Paul is trying
to address.
On Mon, Feb 25, 2008 at 3:13 PM, Brian Eaton <[EMAIL PROTECTED]> wrote:
>
> Providing an X-User-IP header for requests sent through the proxy
> service might help reduce abuse of the open proxy in Shindig.
>
>
> On Mon, Feb 25, 2008 at 11:38 AM, Bruno Bowden <[EMAIL PROTECTED]> wrote:
>
>
>
> > Geolocation is difficult to do well. For example AOL users across the
> > country getting mapped to the same IP address in Virginia. User preference
> > data can be helpful but what if they travel? There's also serious issues
> > surrounding user privacy, which vary from country to country.
> >
> > Ultimately it should be Shindig's responsibility to draw on as much
> > information sources as possible and make a best guess.
> >
> > Syntax:
> > Use ints for lat / lon, representing data in microdegrees (more accuracy
> > than using a 4 byte float). This gives up to 14m resolution, so the IP
> > geotargeting will be a more limiting factor. For example, 145 degrees =>
> > 145,000,000.
> >
> > Example:
> > var prefs = new gadgets.Prefs();
> > var lat = prefs.getString("lat");
> > var long = prefs.getString("long");
> >
> >
> >
> >
> > On Mon, Feb 25, 2008 at 7:03 AM, Kevin Marks <[EMAIL PROTECTED]> wrote:
> >
> > > Why not use the location information in the viewer/owner person info for
> > this?
> > >
> > >
> > >
> > >
> > >
> > > On Mon, Feb 25, 2008 at 2:21 AM, Paul Lindner <[EMAIL PROTECTED]> wrote:
> > >
> > > > At a recent hackathon a developer wanted to be able to query the IP
> > > > address of the client invoking the gadget. The developer wanted to
> > > > use this for geolocation.
> > > >
> > > > Considering that it might be useful to include other http headers too,
> > > > cookies, languages, etc.
> > > >
> > > > It seems like it would be fairly easy for the gadget server to inject
> > > > this information.
> > > >
> > > > I am unsure what the API to access this information would be like.
> > > >
> > > > --
> > > > Paul Lindner ||||| | | | | | | | | |
> > > > [EMAIL PROTECTED]
> > > >
> > >
> > >
> > >
> > >
> >
> >
> > >
> >
>
>
>
--
~Kevin
If you received this email by mistake, please delete it, cancel your
mail account, destroy your hard drive, silence any witnesses, and burn
down the building that you're in.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google
Groups "OpenSocial and Gadgets Specification Discussion" group.
To post to this group, send email to
[EMAIL PROTECTED]
To unsubscribe from this group, send email to
[EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/opensocial-and-gadgets-spec?hl=en
-~----------~----~----~----~------~----~------~--~---
