2 comments

[ 3.3 ms ] story [ 14.1 ms ] thread
This looks really good Mr Gauberger, and a necessary addition to the arsenal, so thank you very much. I only have one question: you say that the client-side IPs are logged to check the smooth running of the system (or similar). Is that metadata persistent, that is ,potentially available to an attacker? or is it short-lived?
Right now client IP's are logged in the web logs as part of logging requests. Logs are kept up to 7 days.