Do we really want to promote them checking X-User-IP though? Couldn't an
abusive user just send this IP anyway?

It's probably useful to send it for systems that have some sort of DOS
prevention mechanism though, but I'm not sure we should encourage anyone to
actually rely on it.

On Mon, Feb 25, 2008 at 3:22 PM, Brian Eaton <[EMAIL PROTECTED]> wrote:

> [EMAIL PROTECTED],
> [EMAIL PROTECTED]
>
> Should the open proxy in Shindig forward an X-User-IP header with the
> client's IP to servers the client instructs us to contact?
>
> I'm concerned that the open proxy in Shindig will become a vector for
> abuse.  Sending the client IP will make it slightly easier for the
> admins of targeted servers to blame the perpetrator rather than the
> Shindig server.
>
> Cheers,
> Brian
>
>
> ---------- Forwarded message ----------
> From: Kevin Brown <[EMAIL PROTECTED]>
> Date: Mon, Feb 25, 2008 at 3:18 PM
> Subject: Re: Passing in the client IP
> To: [EMAIL PROTECTED]
>
>
> That's a discussion worth having on the shindig mailing list,
> probably, but it's a different issue than what I think Paul is trying
> to address.
>
>
>
> On Mon, Feb 25, 2008 at 3:13 PM, Brian Eaton <[EMAIL PROTECTED]> wrote:
>
> >
> > Providing an X-User-IP header for requests sent through the proxy
> > service might help reduce abuse of the open proxy in Shindig.
> >
> >
> > On Mon, Feb 25, 2008 at 11:38 AM, Bruno Bowden <[EMAIL PROTECTED]> wrote:
> >
> >
> >
> > > Geolocation is difficult to do well. For example AOL users across the
> > > country getting mapped to the same IP address in Virginia. User preference
> > > data can be helpful but what if they travel? There are also serious issues
> > > surrounding user privacy, which vary from country to country.
> > >
> > > Ultimately it should be Shindig's responsibility to draw on as many
> > > information sources as possible and make a best guess.
> > >
> > > Syntax:
> > > Use ints for lat / lon, representing data in microdegrees (more accuracy
> > > than using a 4 byte float). This gives up to 14m resolution, so the IP
> > > geotargeting will be a more limiting factor. For example, 145 degrees =>
> > > 145,000,000.
> > >
> > > Example:
> > > var prefs = new gadgets.Prefs();
> > > var lat = prefs.getString("lat");
> > > var long = prefs.getString("long");
> > >
> > >
> > >
> > >
> > > On Mon, Feb 25, 2008 at 7:03 AM, Kevin Marks <[EMAIL PROTECTED]> wrote:
> > >
> > > > Why not use the location information in the viewer/owner person info
> > > > for this?
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > On Mon, Feb 25, 2008 at 2:21 AM, Paul Lindner <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > At a recent hackathon a developer wanted to be able to query the IP
> > > > > address of the client invoking the gadget.  The developer wanted to
> > > > > use this for geolocation.
> > > > >
> > > > > Considering that it might be useful to include other http headers too,
> > > > > cookies, languages, etc.
> > > > >
> > > > > It seems like it would be fairly easy for the gadget server to inject
> > > > > this information.
> > > > >
> > > > > I am unsure what the API to access this information would be like.
> > > > >
> > > > > --
> > > > > Paul Lindner        ||||| | | | |  |  |  |   |   |
> > > > > [EMAIL PROTECTED]
> > > > >
>
> --
> ~Kevin
>
> If you received this email by mistake, please delete it, cancel your
> mail account, destroy your hard drive, silence any witnesses, and burn
> down the building that you're in.



-- 
~Kevin

If you received this email by mistake, please delete it, cancel your mail
account, destroy your hard drive, silence any witnesses, and burn down the
building that you're in.
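
An added example, not part of the original message or of Shindig's code: a sketch of the two checks the thread's concern implies, where the proxy overwrites any client-supplied X-User-IP with the socket peer address and the receiving server honors the header only when the connection itself comes from a proxy it has allow-listed. The function names, the allow-listed range and all addresses are constructed assumptions.

```python
import ipaddress

HEADER = "X-User-IP"
# Constructed value: the range the receiving site has allow-listed for the proxy.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/28")]


def proxy_outbound_headers(client_headers, client_peer_ip):
    """Proxy side: discard any X-User-IP the client sent, then set the
    header from the address of the client's TCP connection."""
    out = {k: v for k, v in client_headers.items()
           if k.lower() != HEADER.lower()}
    out[HEADER] = client_peer_ip
    return out


def effective_client_ip(headers, peer_ip):
    """Receiver side: return (ip, source). The header is used only when the
    connection comes from an allow-listed proxy and the value parses as a
    single IP address; in every other case the socket peer is used."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return peer_ip, "peer"      # direct sender: header is unauthenticated
    value = next((v for k, v in headers.items()
                  if k.lower() == HEADER.lower()), None)
    try:
        return str(ipaddress.ip_address(value.strip())), "header"
    except (AttributeError, ValueError):
        return peer_ip, "peer"      # missing or malformed header


if __name__ == "__main__":
    # Constructed requests: a client claiming someone else's address.
    claimed = {"x-user-ip": "198.51.100.1", "Accept": "*/*"}
    print(effective_client_ip(claimed, "203.0.113.9"))   # sent directly
    forwarded = proxy_outbound_headers(claimed, "203.0.113.9")
    print(effective_client_ip(forwarded, "192.0.2.5"))   # sent via the proxy
```

Even when the header is accepted, it is only as reliable as the proxy that set it, so it suits rate limiting and abuse attribution rather than authentication.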
