[tor-bugs] #9170 [Flashproxy]: Don't log IP addresses by default in flashproxy.js
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Jun 29 15:55:14 UTC 2013
#9170: Don't log IP addresses by default in flashproxy.js
------------------------+---------------------------------------------------
Reporter: dcf | Owner: dcf
Type: defect | Status: needs_review
Priority: major | Milestone:
Component: Flashproxy | Version:
Keywords: | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Changes (by arlolra):
* status: needs_revision => needs_review
Comment:
Replying to [comment:2 dcf]:
Made the requested revisions and updated the patch.
> Did you find any other places where a client address could be logged?
I looked through all the `puts()`. There were three error conditions worth
scrubbing, though that may hinder bug reports.
Not sure if you want to try and mitigate it but if Xhr logging is enabled
in the console then a lot of this info is visible. It may be worth
changing the facilitator polling method from GET to POST to avoid the
query string parameters.
"Firefox can't establish a connection to the server at
ws://xxx.xxx.xxx.xxx:xxxx/." can probably be caught and safely discarded.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9170#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list