Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] ip-geolocation
From: Gorjan Petrovski <mogi57 () gmail com>
Date: Wed, 29 Jun 2011 13:44:03 +0200

Sorry I wasn't able to help you in time, it was sleeping time here.
I'm writing to Quova and IPInfoDB right away.

Gorjan

On Wed, Jun 29, 2011 at 5:53 AM, Fyodor <fyodor () insecure org> wrote:
On Tue, Jun 28, 2011 at 04:57:54PM -0700, Fyodor wrote:
On Tue, Jun 28, 2011 at 04:46:17PM -0700, Fyodor wrote:
On Tue, Jun 14, 2011 at 02:36:48PM +0200, Gorjan Petrovski wrote:

Hi Gorjan.  The ip-geolocation-quova includes three API keys that you
apparently got by free registration.  When you registered, did it make
you agree to any sort of terms of use?  Does including these
"secret_codes" in Nmap violate their terms?

Even if we keep the API keys in there, the script should have an NSE
argument for people to give their own keys instead.  Can you add that
and document it in the NSEDoc?

These questions and the suggestion applies to the
ip-geolocation-infodb database too.

We needed to build a release, so David and I looked into this.
Quova's makes you agree to their TOS in order to get an API key, and
their TOS seems to pretty clearly ban this sort of usage
(http://developer.quova.com/apps/tos).  So we had to delete the script
for now.  Gorjan: Can you write them and ask for permission to use it
in Nmap?  They'll probably say no or ask for money (which means no in
the case of a free tool like Nmap), but it doesn't hurt to ask.  If
they say no or don't answer, then we'll have to make it so that the
script requires the user to input an API key as an NSE arg or by
modifying the .nse.

IPInfoDB, on the other hand, doesn't seem to have a clear policy
against this.  It didn't make me agree to anything when I tried
registering.  But would you (Gorjan) write to them and ask permission
anyway?  I've kept the script in for now, but we should do the same as
Quova (require the user to provide a key) if IPInfoDB says that we
can't redistribute a key in our script.

Thanks,
Fyodor




-- 
Gorjan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]