• I like the security that BB adds, but what about securing BB itself?

    For the first time I just realized that BB prints the users’ IP address directly in the source code. While one can respectfully argue that users would only be able to see their own IP address…

    What about if you’re using a caching plugin like W3 Total Cache? Could IP addresses theoretically get cached or is my line of thinking wrong or is there a fail-safe for this anyways?

    Thanks, Bryan

    http://wordpress.org/extend/plugins/bad-behavior/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Pretty sure your thinking is wrong. 😉

    Try it: visit your site after you’ve cleared your browser’s cache and cookies. Wait until someone else visits your WordPress URL (your server logs will tell you).

    Then visit the site yourself. If you see someone else’s IP address in the HTML code then this will confirm your suspicions.

    If that’s the case, it’s not a security issue. It may be a privacy issue but I doubt that too…

    Thread Starter Bryan Hadaway

    (@bhadaway)

    That’s not the way that I’m considering it being possible, but I certainly still hope I’m wrong for peace of mind.

    What I’m talking about is a caching plugin that stores cached scripts, in this case JS and then serves the same thing to everyone.

    Cache files that could be located and read by a savvy and/or malicious person for what purposes, I don’t know…

    Still, I figured it was a noteworthy possible security hole.

    Thanks, Bryan

    I just noticed the same thing and don’t like it.

    Is it really necessary to output the IP address in the source code?

    Seems like a flaw to me.

    ~ Ana

    I agree: there is someone else’s (a Vodafone user’s) IP in the page’s HTML source.

    Could you test for WP cache in your code? And output something else for the page to be cached (because that page will be served later to everyone).
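
Added example, not part of the thread or of the Bad Behavior plugin: a small audit that automates the check discussed in the replies above by scanning a page-cache directory for cached HTML files that have an IPv4 address baked in. The cache layout, the sample markup and the addresses (documentation ranges) are constructed assumptions.

```python
import ipaddress
import re
import tempfile
from pathlib import Path

# Candidate dotted quads; ipaddress validates them below. A four-part version
# string would also match, so review hits by hand.
_IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed cache contents (documentation-range addresses, made-up markup).
SAMPLE_CACHE = {
    "index.html": "<p>Hello</p><!-- visitor 198.51.100.23 -->",
    "about/index.html": "<p>Hosted at 203.0.113.10, lib v1.2.3.4.5</p>",
    "contact/index.html": "<p>No address here, only 999.1.1.1</p>",
}

def embedded_ips(html, ignore=()):
    """Return the valid IPv4 literals in html, minus addresses in `ignore`."""
    skip = {ipaddress.ip_address(a) for a in ignore}
    found = set()
    for match in _IPV4.findall(html):
        try:
            addr = ipaddress.ip_address(match)
        except ValueError:  # not a real address, e.g. 999.1.1.1
            continue
        if addr not in skip:
            found.add(str(addr))
    return sorted(found)

def audit_cache(cache_dir, ignore=()):
    """Map each cached HTML file under cache_dir to the IPs baked into it."""
    report = {}
    for path in sorted(Path(cache_dir).rglob("*.html")):
        ips = embedded_ips(path.read_text(errors="replace"), ignore)
        if ips:
            report[str(path.relative_to(cache_dir))] = ips
    return report

def demo():
    """Write SAMPLE_CACHE to a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLE_CACHE.items():
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        # 203.0.113.10 stands in for the server's own address.
        return audit_cache(tmp, ignore=["203.0.113.10"])

if __name__ == "__main__":
    for name, ips in demo().items():
        print(f"{name}: {', '.join(ips)}")
```

Any file the audit reports is a cached page that will hand one visitor's address to every later visitor until the cache entry expires.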

  • The topic ‘Bad Behavior Causing Potential Privacy/Security Issue’ is closed to new replies.