• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Protecting the identity of people browsing my website

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Anonymity // Privacy // Spam

View previous topic :: View next topic  
Author Message
JsutJames
Just Arrived
Just Arrived


Joined: 26 Feb 2008
Posts: 0


Offline

PostPosted: Tue Feb 26, 2008 1:24 am    Post subject: Protecting the identity of people browsing my website Reply with quote

I have a couple of questions regarding the privacy of people browsing my website.

It's possible for a website to know the IP of those connected to it, right? So I'm assuming it's possible for a hacker to be able to find out that info and see who is connected to a website at any particular time.

Is there any way to stop a hacker from being able to identify the members / connections to a website? If I use SSL will that encrypt or hide the users' IP and other identifiable information?

Thanks for your help.
Back to top
View user's profile Send private message
AdamV
SF Mod
SF Mod


Joined: 06 Oct 2004
Posts: 24
Location: Leeds, UK

Offline

PostPosted: Wed Feb 27, 2008 12:25 am    Post subject: Reply with quote

For someone to establish and maintain a connection to a webserver (or any other computer) that computer must be able to see their IP address. The operating system network stack, at the very least, must see it. If any application chooses to use the IP to decide what access will be given (eg only accepting connections from a range of known addresses) then it will also have to see this information.
However, there may be no need for the web application to store the information in any way for future reference.

A typical web hack might target an exploit in the web application itself to get at the data which runs the site, or sits on databases behind it. So if the IP's are not stored by the application it would be safe from these attacks.

If an attacker could get through to see the logs on the server they could potentially see historical connections, and probably live ones as well.
Back to top
View user's profile Send private message Visit poster's website
JsutJames
Just Arrived
Just Arrived


Joined: 26 Feb 2008
Posts: 0


Offline

PostPosted: Wed Feb 27, 2008 12:53 am    Post subject: Reply with quote

Thanks for your help Adam, that's very interesting information. I'm fairly careful with security but this is the first job I've had where someone is highly concerned with protecting the site users' identities.

I see what you're saying about the web hack and I take the point - only things that are available in the database to the website itself would be available to a web hacker. That's good news, I think, as the server logs etc would be harder to get to through the web front-end (or impossible), right? We're already designing it to hold very minimal user information within the system itself so that if a login is breached nothing identifiable would be accessible.
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Anonymity // Privacy // Spam All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register