Two comments.

- What use would a hashed IP address be to anyone? I think the original request was for the IP address for geolocation purposes, and then I chimed in saying we should have it to help respond to abuse complaints. A hash of the IP is not useful for either purpose.
- Don't use straight md5 or sha1 to obfuscate something with low entropy like an IP address. You need a salt, at least, or probably an HMAC or even a one-time pad depending on your goals. If you use an unsalted hash then building up a dictionary mapping from the hash to the original IP is easy.

On Tue, Feb 26, 2008 at 1:53 AM, Akash Xavier <[EMAIL PROTECTED]> wrote:
> Hi everyone!
> Perhaps, we solve this by a different solution. I don't know whether I am
> right but I think this can be done.
> The container can set a cookie which contains the value of the IP address of
> the viewer in some encrypted form (like something md5 or sha1 value of the
> IP), this can be done by the server side script (whatever language, java or
> php).
> This value can then be passed to the app's server by the javascript when
> making the call to the app's server for some data.
>
> IMO an encrypted value is enough. I think server-side encryption is the
> solution to protect the user's privacy (and also from gadget authors
> exploiting their IP data).
>
> On Tue, Feb 26, 2008 at 7:35 AM, Kevin Brown <[EMAIL PROTECTED]> wrote:
> >
> > Actually, you're right -- we won't be forcing images through a proxy most
> > likely, so they could always use that vector if they really wanted to
> > steal IPs.
> >
> > On Mon, Feb 25, 2008 at 5:57 PM, Brian Eaton <[EMAIL PROTECTED]> wrote:
> >
> > > On Mon, Feb 25, 2008 at 5:47 PM, Kevin Brown <[EMAIL PROTECTED]> wrote:
> > > > Caja will eliminate this in the long run (as well as my other proposed way
> > > > to steal the IP).
> > >
> > > I'm not sure I believe this. In theory, sure. In practice I suspect
> > > that a policy that prevented the IP address from leaking in any
> > > possible way would also make it very difficult to write cool gadgets.
> > >
> > > I hope to be proved wrong, though.
> > >
> > > Cheers,
> > > Brian
> > >
> >
> > --
> > ~Kevin
> >
> > If you received this email by mistake, please delete it, cancel your mail
> > account, destroy your hard drive, silence any witnesses, and burn down the
> > building that you're in.
> >
>
> --
> Akash Xavier
> [EMAIL PROTECTED]
>
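The second comment at the top of this message, as an added example that is not part of the original thread: a lookup table over a constructed private /16 reverses a bare SHA-1 token, while the same lookup fails against an HMAC keyed with a secret only the container holds. The addresses, the key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets


def unsalted_token(ip: str) -> str:
    """The scheme proposed in the thread: a bare SHA-1 of the address."""
    return hashlib.sha1(ip.encode()).hexdigest()


def keyed_token(ip: str, key: bytes) -> str:
    """HMAC-SHA256 under a key that never leaves the container."""
    return hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()


def build_dictionary(network: str, token_fn) -> dict:
    """Map token -> address for every address in `network`."""
    return {token_fn(str(ip)): str(ip) for ip in ipaddress.ip_network(network)}


def demo():
    # Constructed sample values: a private range and one viewer inside it.
    # A /16 keeps the run short; all of IPv4 is only 2**32 candidates.
    network = "10.20.0.0/16"
    viewer = "10.20.30.40"
    container_key = secrets.token_bytes(32)  # secret held by the container

    # Unsalted hash: anyone can precompute the table, no secret is involved.
    table = build_dictionary(network, unsalted_token)
    recovered_plain = table.get(unsalted_token(viewer))

    # Keyed hash: a table built without the real key matches nothing.
    guess_table = build_dictionary(
        network, lambda ip: keyed_token(ip, b"guessed-key"))
    recovered_keyed = guess_table.get(keyed_token(viewer, container_key))

    return recovered_plain, recovered_keyed


if __name__ == "__main__":
    plain, keyed = demo()
    print("unsalted SHA-1 token maps back to:", plain)
    print("HMAC token maps back to:", keyed)
```

The keyed token stays stable per address for whoever holds the key, but as the first comment says, it is still no use to a gadget server for geolocation or abuse handling.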

