From 45834176c161ac983e52879e930aff53094bb01c Mon Sep 17 00:00:00 2001
From: Kyle Drake
Date: Fri, 7 Jul 2017 14:05:00 -0700
Subject: [PATCH] remove scrypt, update ext gems, fix legal info doc
---
 Gemfile | 1 -
 Gemfile.lock | 22 ++++++++--------------
 models/site.rb | 5 -----
 views/legal.erb | 7 ++++---
 4 files changed, 12 insertions(+), 23 deletions(-)
diff --git a/Gemfile b/Gemfile
index c1405e4e..b5bfabd0 100644
--- a/Gemfile
+++ b/Gemfile
@@ -21,7 +21,6 @@ gem 'sass', require: nil
 gem 'dav4rack', git: 'https://github.com/planio-gmbh/dav4rack.git', branch: 'redmine-storage'
 gem 'filesize'
 gem 'thread'
-gem 'scrypt'
 gem 'rack-cache'
 gem 'rest-client', require: 'rest_client'
 gem 'addressable', require: 'addressable/uri'
diff --git a/Gemfile.lock b/Gemfile.lock
index 697ca5a0..c5c5ec1a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -77,9 +77,6 @@ GEM loofah (>= 2.0) sax-machine (>= 1.0) ffi (1.9.18) - ffi-compiler (1.0.1) - ffi (>= 1.0.0) - rake filesize (0.1.1) fspath (3.1.0) gandi (3.3.27)
@@ -133,7 +130,7 @@ GEM metaclass (0.0.4) method_source (0.8.2) mime-types (2.99.3) - mini_portile2 (2.1.0) + mini_portile2 (2.2.0) minitest (5.10.2) minitest-reporters (1.1.14) ansi
@@ -155,13 +152,13 @@ GEM net-ssh (>= 2.6.5) net-ssh (4.1.0) netrc (0.11.0) - nokogiri (1.7.2) - mini_portile2 (~> 2.1.0) - nokogumbo (1.4.11) + nokogiri (1.8.0) + mini_portile2 (~> 2.2.0) + nokogumbo (1.4.13) nokogiri ox (2.5.0) paypal-recurring (1.1.0) - pg (0.20.0) + pg (0.21.0) poltergeist (1.15.0) capybara (~> 2.1) cliver (~> 0.3.1)
@@ -213,10 +210,8 @@ GEM nokogumbo (~> 1.4.1) sass (3.4.24) sax-machine (1.3.2) - scrypt (3.0.5) - ffi-compiler (>= 1.0, < 2.0) - sequel (4.46.0) - sequel_pg (1.6.18) + sequel (4.48.0) + sequel_pg (1.7.0) pg (>= 0.8.0) sequel (>= 4.0.0) shotgun (0.9.2)
@@ -340,7 +335,6 @@ DEPENDENCIES rye sanitize sass - scrypt sequel sequel_pg shotgun
@@ -361,4 +355,4 @@ DEPENDENCIES zipruby BUNDLED WITH - 1.14.6 + 1.15.1
diff --git a/models/site.rb b/models/site.rb
index ace36768..3830151b 100644
--- a/models/site.rb
+++ b/models/site.rb
@@ -310,7 +310,6 @@ class Site < Sequel::Model
 return false if ENV['RACK_ENV'] == 'production' && ip == '127.0.0.1'
 return false if ip.blank?
 return true if Site.where(is_banned: true).
- where(ip: [ip, hash_ip(ip)]).
 where(['updated_at > ?', Time.now-BANNED_TIME]).
 first
@@ -319,10 +318,6 @@ class Site < Sequel::Model
 false
 end
- def hash_ip(ip)
- SCrypt::Engine.hash_secret ip, $config['ip_hash_salt']
- end
-
 def ssl_sites
 select(:id, :username, :domain, :ssl_key, :ssl_cert).
 exclude(domain: nil).
diff --git a/views/legal.erb b/views/legal.erb
index fdad2f60..f417b541 100644
--- a/views/legal.erb
+++ b/views/legal.erb
@@ -115,12 +115,13 @@
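Review bot: Removing `where(ip: [ip, hash_ip(ip)]).` in the first models/site.rb hunk leaves the ban lookup with no IP condition at all, so `Site.where(is_banned: true).where(['updated_at > ?', Time.now-BANNED_TIME]).first` is truthy whenever any site was banned within BANNED_TIME and the method returns true for every non-blank `ip`. Only the scrypt hash is being retired, so the filter should stay with the plain value: `where(ip: ip).`. The removed lookup matched both the plain and the hashed form, so rows whose `ip` column still holds a scrypt hash would presumably stop matching a plain address; those bans need a migration or will silently lapse. The method's signature and the lines between the two hunks are outside the diff, so any further check there is not visible from here.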

- Retention of IP address information. For security and privacy reasons, Neocities does not store plain-text IP addresses. All IP addresses stored in Neocities are cryptographically hashed using scrypt before being inserted into our database. You are invited to inspect the code that does this in our code repository. + Retention of IP address information. For security and privacy reasons, Neocities does not archive plain-text IP addresses. All IP addresses stored in Neocities are deleted after a certain time. You are invited to inspect the code that does this in our code repository.

- We currently store these hashes permanently, but soon will be removing them after 30 days. - After 30 days, those hashes are removed from our database. That means that we can never provide a plain-text IP address, because we lack the means to derive it from the cryptographic one-way hash. And after 30 days, we will have no information on the user's IP address, not even a hash. + Retention of IP address information. + We currently store IP addresses of who created a site, but soon will be removing them after 30 days. + That means that we will not be able to provide a plain-text IP address, because we lack the means to provide it.