Remove last digits of IP in server logging (default) #578
Conversation
|
Sorry, I strongly object to having this information removed. If I'm providing a public service and someone chooses to use it, they choose to expose their IP address. |
|
It's also a potential security flaw, as it anonymises clients, enabling DDoS attacks more easily. I can't see that it provides any benefits at all. |
|
I also don't think this is a good idea - it's not effective anonymisation, and it just makes the server operator's life harder. Better to document that the logs contain addresses and you should treat them like logs from any other server, i.e. use something like logrotate to manage retention. |
|
What does @corrados think? Should it be closed or should the default behavior be changed to "show full IPs in log except if server is started with e.g. —anonymizeip“? I strongly believe that there should be a way in jamulus that anonymizes IPs. It does not have to be the default setting. Adding it would be more easy for the server admin to decide also if he can’t compile jamulus himself |
|
I actually agree with the others. I think the IP address is an essential part of the server operation. If a user does not want to see and log any IP address, he can run the server headless with std-out piped to the null device and do not use the logging feature. |
|
Ok. If you think that’s ok like this, I‘ll close the PR (although I don’t see a problem with opt in to hide IP). If it comes up again, the code is still there. |
My proposal in #576 (comment)
To be discussed.