lightwalletd
Internal-Security Finding #1: Logging Identifiable User Information
It looks like the code logs light clients' IP addresses when they make API requests, e.g. here. Logging this information makes it vulnerable to theft when the lightwalletd server gets hacked in the future. Close this by only logging a minimal amount of information and/or making logging off-by-default.
Deployers may reasonably want some affordance for rate-limiting, though. One solution is a structure-preserving anonymization like cryptoPAN.
There's an implementation by Yawning at https://github.com/Yawning/cryptopan, but I haven't audited it and suspect even they would advise we could redo it faster/better now.
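To make the trade-off concrete, here is an added example (not lightwalletd code and not Yawning's library) of the published Crypto-PAn construction, implemented from its description with AES as the pseudorandom function: a 32-byte secret is split into an AES key and a pad, the pad is encrypted once, and each output bit is the top bit of AES over the address prefix seen so far. Because bit i of the output depends only on the first i bits of the input, two addresses sharing a /24 map to pseudonyms sharing a /24, so a deployer can still rate-limit per prefix without the real address ever reaching a log. The key material, the IPv4-only scope and the `BucketKey` helper are this example's own assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
	"math/bits"
	"net"
)

// Cryptopan holds the AES block cipher and the precomputed pad block.
type Cryptopan struct {
	block cipher.Block
	pad   [aes.BlockSize]byte
}

// NewCryptopan splits a 32-byte secret into a 16-byte AES key and a 16-byte
// pad, then stores AES(key, pad) as the per-key padding block. The secret must
// stay confidential: whoever holds it can reverse the pseudonymization.
func NewCryptopan(key []byte) (*Cryptopan, error) {
	if len(key) != 32 {
		return nil, fmt.Errorf("cryptopan: key must be 32 bytes, got %d", len(key))
	}
	block, err := aes.NewCipher(key[:16])
	if err != nil {
		return nil, err
	}
	c := &Cryptopan{block: block}
	block.Encrypt(c.pad[:], key[16:32])
	return c, nil
}

// AnonymizeIPv4 maps an IPv4 address to a pseudonymous IPv4 address such that
// two inputs sharing an n-bit prefix produce outputs sharing an n-bit prefix.
func (c *Cryptopan) AnonymizeIPv4(ip net.IP) (net.IP, error) {
	ip4 := ip.To4()
	if ip4 == nil {
		return nil, fmt.Errorf("cryptopan: %v is not an IPv4 address", ip)
	}
	orig := binary.BigEndian.Uint32(ip4)
	pad32 := binary.BigEndian.Uint32(c.pad[:4])
	var input, out [aes.BlockSize]byte
	copy(input[:], c.pad[:]) // bytes 4..15 of the PRF input always come from the pad
	var result uint32
	for pos := 0; pos < 32; pos++ {
		// Keep the first pos bits of the real address; fill the rest from the pad.
		var mask uint32
		if pos > 0 {
			mask = ^uint32(0) << uint(32-pos)
		}
		binary.BigEndian.PutUint32(input[:4], (orig&mask)|(pad32&^mask))
		c.block.Encrypt(out[:], input[:])
		// The ciphertext's most significant bit is the flip bit for position pos.
		result |= uint32(out[0]>>7) << uint(31-pos)
	}
	anon := make(net.IP, 4)
	binary.BigEndian.PutUint32(anon, orig^result)
	return anon, nil
}

// BucketKey derives a rate-limiter key (assumed helper) from the pseudonym,
// e.g. prefixBits=24: real addresses in one /24 land in one bucket.
func (c *Cryptopan) BucketKey(ip net.IP, prefixBits int) (string, error) {
	anon, err := c.AnonymizeIPv4(ip)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%s/%d", anon.Mask(net.CIDRMask(prefixBits, 32)), prefixBits), nil
}

// CommonPrefixLen returns how many leading bits two IPv4 addresses share.
func CommonPrefixLen(a, b net.IP) int {
	a4, b4 := a.To4(), b.To4()
	if a4 == nil || b4 == nil {
		return 0
	}
	return bits.LeadingZeros32(binary.BigEndian.Uint32(a4) ^ binary.BigEndian.Uint32(b4))
}

func main() {
	// Constructed demo key; a deployment would load 32 random bytes from a secret store.
	key := make([]byte, 32)
	for i := range key {
		key[i] = byte(i)
	}
	c, err := NewCryptopan(key)
	if err != nil {
		panic(err)
	}
	// Constructed sample addresses from the documentation ranges.
	for _, s := range []string{"192.0.2.10", "192.0.2.200", "198.51.100.7"} {
		anon, _ := c.AnonymizeIPv4(net.ParseIP(s))
		bucket, _ := c.BucketKey(net.ParseIP(s), 24)
		fmt.Printf("%-14s -> %-15s bucket %s\n", s, anon, bucket)
	}
}
```

Rotating the key on a schedule bounds how long pseudonyms stay linkable across log files, which is the main residual risk of any deterministic scheme: within one key period a leaked log still reveals which requests came from the same prefix, just not which prefix.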