On 8/30/06, Gregory Maxwell <gmaxwell(a)gmail.com> wrote:
It can be easily configured so that anyone with access
to the secret
has privileged access to the server and, already, anyone with
privileged access to the server could be logging IPs.
Yes, but again, there's no good reason to allow anyone without
privileged access to the server to see the IPs in the first place,
encoded or not, so why bother encoding them for storage? *If* you're
going to allow people to view the connections the way AOL did, you may
as well assign arbitrary numbers (say, chronologically) rather than
some encoded form of the IP, since that's easier to implement *and*
more secure, if only marginally.