psuedonymity and apache
I am interested in finding a way to make apache be pseudo-anonymous in its
logging. Your actions would be traced to your pseudonym, but NEVER to
your actual identity. I've got some php scripts that currently act on IP
addresses to see if you've already done something so you don't do it
again, but I really don't like logging people's IP addresses when
possible.
However, there are a number of reasons why a webserver would not want
true anonyminity (in otherwords I dont just want to change LogFormat to
remove IPs completely), such as dealing with abuse, log analysis (analog
uses IP addresses to make a best guess of unique visitors based on IP),
etc.
I thought of saving IPs by doing a one-way hash on them (like a md5 sum?)
which would preserve the uniqueness of the IP but also preserve the
anonyminity - however in hashing IPs the search space is too small, with
a big iron you could run through the possible hashes in about an hour, so
it could be undone without much effort. IPv6 would change this of course.
Is there an apache mod to do this? Has someone done this with a mod_perl
thing? Does anyone have any good ideas on how to do this? I am looking
for specifics, not something like "Write a perl script, that'll do it".
Thanks!
Micah
Reply to: