New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GDPR: customer ip addresses saved in logs #7155
Comments
@Manuel-Innovapps You've written "1. Enable setting customersettings.storeipaddresses". But in this case IP addresses will be store in the [Customer] table as well. Did you mean "1. Disable setting customersettings.storeipaddresses"? So when disabled, then IP address should not be stored in [Customer] and [Log] tables? |
@AndreiMaz I'm sorry for the confision, this is exactly what I meant. They should especially not be stored in logs, if a customerId is passed. But I think generalizing to all logs should work out just fine. |
nopCommerce version: 4.60.x +
Steps to reproduce the problem:
customersettings.storeipaddresses
Based on the GDPR this is not allowed, as with this log file the displayed IP address can be directly associated with the customer.
Proposed solution:
If
customersettings.storeipaddresses
is disabled, IP addresses in the logs should not be stored for registered customers (or even any customers).nopCommerce/src/Libraries/Nop.Services/Logging/DefaultLogger.cs
Lines 191 to 201 in 8ad98f3
The text was updated successfully, but these errors were encountered: