Hi, when anonymous voting is allowed we store the IP address of the visitor to make a record of its priorities for future retrieval. However storing the IP address in plain text in the database can be seen in some cases as antinomian with 'anonymous voting'. Indeed we don't need to access directly to the IP address we only need to be sure that the actual visitor is the one that has already voted. Hence a hash of this address can do the job. My proposal here goes for using md5(). It isn't the most secure hash function however we only need to avoid 'direct' looking at the IP address if one gains malicious access to the database. See attached file. Regards.

**Before trying this patch, backup your database if you have any priorities' votes stored in it.**

CommentFileSizeAuthor
HashIpForAnonymous.diff2.17 KBec

Comments

gibus’s picture

gibus commented
Status: Active » Fixed

OK in 6.x-2.19.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.