Opened 5 years ago

Closed 5 years ago

#2342 closed task (fixed)

OSGeo UserID registration logs contain unusable IP address

Reported by: strk Owned by: sac@…
Priority: critical Milestone: Sysadmin Contract 2019-II
Component: SysAdmin Keywords: ldap
Cc: robe


They log IP address of the gateway (ngnix?) Example: ... registered from .... ... registered from fd42:a5ff:18d2:7141:216:3eff:feff:3c88 ...

Note that: domain name pointer nginx.lxd. domain name pointer nginx.lxd.

Change History (5)

comment:1 by strk, 5 years ago

Milestone: Sysadmin Contract 2019-II
Priority: normalcritical

The problem also affects the email sent to the registering user, which would be told that "someone from <internal_ip> requested an OSGeo account creation". This is a security issue as well as a user-facing issue.

comment:2 by strk, 5 years ago

The scripts are using REMOTE_ADDR env variable to retrive the user IP. What should then be changed to do ?

comment:5 by strk, 5 years ago

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.