django-auditlog icon indicating copy to clipboard operation
django-auditlog copied to clipboard

Published 20 hours ago verified publisher icon jazzband

Possibility to disable logging remote IP address

Open travenin opened this issue 1 year ago • 2 comments

django-auditlog stores remote IP address to remote_addr field of LogEntry. However, IP address can be considered personal data, at least according to GDPR. An application that I'm developing uses django-auditlog to log data changes (who did what and when), but user IP address is not essential information, and therefore should not be stored.

Also, it's not very visible that audit log stores remote IP address at all. It's not visible in admin view for example.

Is there a way to disable storing remote address?

travenin avatar May 04 '23 08:05 travenin

No, there is no way right now.

You can create a custom middleware inherited from AuditlogMiddleware and disable remote IP address and use it:

from auditlog.middleware import AuditlogMiddleware


class AuditlogMiddlewareWithoutIP(AuditlogMiddleware):
    @staticmethod
    def _get_remote_addr(request):
        return None

Also, we can add a config flag to disable this behavior by configuration

hramezani avatar May 04 '23 08:05 hramezani

Thank you for a quick reply. I have to go with custom middleware for now. But a config flag would be very appreciated in future versions. :+1:

travenin avatar May 04 '23 09:05 travenin

I have created a PR for this purpose : #620

Nathan-Cohen avatar Mar 21 '24 10:03 Nathan-Cohen

Thanks @Nathan-Cohen for fixing this

hramezani avatar Mar 31 '24 00:03 hramezani