crowdAI / crowdai

Fighting for Open Science with Open Data
https://www.crowdai.org
GNU Affero General Public License v3.0
149 stars 32 forks source link

Is there any reason why we need to log IPs? #820

Closed marcelsalathe closed 6 years ago

marcelsalathe commented 6 years ago

Security concerns re people trying to game the system? @spMohanty?

If not, let's delete those fields in the database.

spMohanty commented 6 years ago

@marcel.salathe: while the exact IP is not important, its still is very useful to know that a unique IP was used to access a service say 10000 times. I would propose simply storing an encrypted version of the IP; and we choose a one way encryption to ensure that we can never decrypt it. That way we do not have the actual ip of the user, but we still have a unique identifier for all points that were used to access any of the services.

scarroll32 commented 6 years ago

They have already been deleted from the Rails app to support GDPR.

I see you point Mohanty but I don't think we currently have the need for this, and there are plenty of other priorities right now.

scarroll32 commented 6 years ago

Closing