
Comments (5)

rullzer avatar rullzer commented on June 11, 2024

It is not really possible to work without hashed ips. As the algorithm uses the actual ip layout to learn the structure.

For now your only option is then to not enable the app.

from suspicious_login.

bpcurse avatar bpcurse commented on June 11, 2024

@rullzer Thanks for your fast reply :)

ip addresses

From a legal view: If it is technically impossible or if there is no other way to reach the desired outcome or if it takes extreme effort to use hashed ip addresses for this purpose, it should be ok to use unhashed ip addresses, as long as the privacy statement is consequently altered to reflect the situation and inform the user (assuming a typo in "It is not really possible to work without hashed ips.").

Alternate proposal: Would it be possible and sufficient to simply strip the last octet on ipv4 addresses?

user names

Although hashing the user names would have only a limited effect at first (an admin could compare all hashes taken from the user table) it should be done from a legal compliance view and it would have the advantage, that after deleting a user, the data could probably remain stored for training purposes as it is de facto anonymized (assuming the user name is consequently wiped from all db tables - including other apps - after account deletion).


j-ed avatar j-ed commented on June 11, 2024

> It is not really possible to work without hashed ips. As the algorithm uses the actual ip layout to learn the structure.
>
> For now your only option is then to not enable the app.

I thought this app should be a tool for an administrator to identify suspicious logins so that he's able to block these attempts or lock a problematic account etc. How should this be possible without knowing the ip addresses or a user name? Without valuable output this app would only provide a nice graph without further value.


ChristophWurst avatar ChristophWurst commented on June 11, 2024

Nope, it's for the users. They get the notification. In any case you can still hash the UIDs if you also hash the UID when a user logs in. Of course this assumes that a hash function is used that always produces the same output for a given input.


rullzer avatar rullzer commented on June 11, 2024

Of course if you hash then uniquely enough. But if it is unique enough then guessing/calculating the ips is not too hard.

Take ipv4 as an example.
If you hash this with md5 already. It is very likely that for the majority of the servers there are no collisions.

For me to iterate all ip addresses (or likely ip addresses) to see if they match up is not that hard. Takes some time but is rather straightforward.

The 'easier' thing is to maybe have a setting in the admin where you can choose. You could drop the least significant octet (or just a few bits?) without losing all functionality. And still anonymizing a bit more.

from suspicious_login.
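
The trade-off discussed in this thread, as an added example (not code from the suspicious_login app or from any commenter): it compares unsalted MD5 of an IPv4 address with dropping the low bits, by counting how many addresses in a candidate range map to the same stored value. The function names and the 203.0.113.0/24 documentation range are assumptions made for illustration.

```python
import hashlib
import ipaddress


def drop_low_bits(addr: str, drop_bits: int = 8) -> str:
    """Zero the `drop_bits` least significant bits of an IPv4 address."""
    if not 0 <= drop_bits <= 32:
        raise ValueError("drop_bits must be between 0 and 32")
    ip = ipaddress.IPv4Address(addr)
    mask = (0xFFFFFFFF << drop_bits) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(int(ip) & mask))


def md5_hex(addr: str) -> str:
    """Unsalted MD5 of the dotted-quad string, the scheme named in the thread."""
    return hashlib.md5(addr.encode("ascii")).hexdigest()


def anonymity_set(stored: str, scheme, candidates) -> list:
    """Candidate addresses whose stored form equals `stored`.

    A single match means the stored value identifies exactly one address,
    so the scheme is pseudonymization rather than anonymization.
    """
    return [str(c) for c in candidates if scheme(str(c)) == stored]


# Constructed sample: one login from the TEST-NET-3 documentation range,
# checked against every address in that /24 (256 candidates).
LOGIN_IP = "203.0.113.77"
CANDIDATES = list(ipaddress.ip_network("203.0.113.0/24"))


def compare_schemes(login_ip: str = LOGIN_IP, candidates=CANDIDATES) -> dict:
    """Anonymity-set size of the stored value under each storage scheme."""
    schemes = {
        "md5": md5_hex,
        "drop_8_bits": drop_low_bits,
        "drop_4_bits": lambda a: drop_low_bits(a, 4),
    }
    return {
        name: len(anonymity_set(fn(login_ip), fn, candidates))
        for name, fn in schemes.items()
    }


if __name__ == "__main__":
    print(compare_schemes())
```

Truncation keeps the network prefix that the model learns from while widening the set of addresses behind each stored value; the digest does the opposite on both counts.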
