Please use the 👍 reaction to show that you are interested in the same feature.
Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
Subscribe to receive notifications on status change and new comments.
Is your feature request related to a problem? Please describe.
oc_bruteforce_attempts table leaks a lot of personal data like IP addresses combined with usernames and timestamps.
Describe the solution you'd like
Hash the IP and username with a one-way function before inserting it. This still allows Nextcloud to detect and block bruteforce attempts, while not storing any additional information.
Nope. The plan is still to use subnets as fallback at some point. Which we can't do if they are hashed.
Also it is only hiding the symptoms. MD5-ing the IPv4 for example. You can still reverse it because your initial space is so small.
> The plan is still to use subnets as fallback at some point.
We can also compare hashes of subnets.
> You can still reverse it because your initial space is so small.
Sure, but it raises the costs to do so. At least if not just plain MD5 is used.
It's easy to exclude IP addresses from logs but here the smallest possible needs to be stored to provide the functionality. The full address gives you more information than required.
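The trade-off discussed in this thread, as an added example that is not part of the issue and is not Nextcloud code: rows store keyed hashes of the address, its subnet and the username, so exact and subnet matching both still work, while an unkeyed MD5 of an IPv4 address is recovered by enumerating the range. HMAC-SHA256, the key, the /24 and /64 prefix lengths and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import ipaddress

# Assumption: a per-instance secret kept outside the database (constructed value).
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"
# Assumption: subnet sizes for the fallback match; the thread names none.
PREFIX = {4: 24, 6: 64}


def keyed(value: str, key: bytes = SERVER_KEY) -> str:
    """HMAC-SHA256 pseudonym: stable for equality checks, opaque without the key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


def attempt_row(ip: str, username: str, key: bytes = SERVER_KEY) -> dict:
    """Build what would be stored instead of the raw IP and username."""
    addr = ipaddress.ip_address(ip)
    subnet = ipaddress.ip_network(f"{addr}/{PREFIX[addr.version]}", strict=False)
    return {
        "ip": keyed(f"ip:{addr}", key),
        "subnet": keyed(f"net:{subnet}", key),
        "user": keyed(f"user:{username}", key),
    }


def count_attempts(rows: list, ip: str, by_subnet: bool = False) -> int:
    """Count stored attempts from the same address, or from the same subnet."""
    probe = attempt_row(ip, "")
    field = "subnet" if by_subnet else "ip"
    return sum(1 for r in rows if r[field] == probe[field])


def reverse_plain_md5(digest: str, network: str):
    """Why an unkeyed hash is not enough: walking the range recovers the address."""
    for host in ipaddress.ip_network(network):
        if hashlib.md5(str(host).encode()).hexdigest() == digest:
            return str(host)
    return None


# Constructed sample data (documentation address ranges).
ROWS = [attempt_row(ip, "alice") for ip in
        ("192.0.2.10", "192.0.2.10", "192.0.2.77", "198.51.100.5", "2001:db8::1")]
```

The stored rows are only as private as the key: anyone holding both the table and the key can enumerate addresses exactly as with the unkeyed hash.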