--- helma-1.3.0-alpha/src/helma/main/ApplicationManager.java	Thu Jun 26 17:15:15 2003
+++ helma-1.3.0-alpha-md/src/helma/main/ApplicationManager.java	Wed Aug 13 19:49:36 2003
@@ -279,6 +279,7 @@
         String cookieDomain;
         String uploadLimit;
         String debug;
+        String privacyNetmask;
         String charset;
         boolean encode;
 
@@ -298,6 +299,7 @@
             debug = props.getProperty(name+".debug");
             encode = "true".equalsIgnoreCase(props.getProperty(name +
                                         ".responseEncoding"));
+	    privacyNetmask = Server.sysProps.getProperty("privacyNetmask");
             String appDirName = props.getProperty(name + ".appdir");
             appDir = (appDirName == null) ? null : new File(appDirName);
             String dbDirName = props.getProperty(name + ".dbdir");
@@ -373,6 +375,10 @@
 
                     holder.setInitParameter("application", appName);
                     // holder.setInitParameter("mountpoint", mountpoint);
+
+                    if (privacyNetmask != null) {
+                        holder.setInitParameter("privacyNetmask", privacyNetmask);
+                    }
 
                     if (cookieDomain != null) {
                         holder.setInitParameter("cookieDomain", cookieDomain);
diff -rBbu helma-1.3.0-alpha/src/helma/servlet/AbstractServletClient.java helma-1.3.0-alpha-md/src/helma/servlet/AbstractServletClient.java
--- helma-1.3.0-alpha/src/helma/servlet/AbstractServletClient.java	Thu Jun 26 17:15:16 2003
+++ helma-1.3.0-alpha-md/src/helma/servlet/AbstractServletClient.java	Wed Aug 13 19:51:32 2003
@@ -59,6 +59,10 @@
     // enable debug output
     boolean debug;
 
+    // protect clients by ANDing their IP with this netmask;
+    int[] privacyNetmask;
+
+
     /**
      *
      *
@@ -81,6 +85,15 @@
             cookieDomain = cookieDomain.toLowerCase();
         }
 
+	// get privacyNetmask
+	String pnetmstr = init.getInitParameter("privacyNetmask");
+
+	if (pnetmstr == null) {
+	    privacyNetmask = new int[] {255, 255, 255, 255};
+	} else {
+	    privacyNetmask = IPStrToInts(pnetmstr);
+        }
+
         // get default encoding
         defaultEncoding = init.getInitParameter("charset");
         debug = ("true".equalsIgnoreCase(init.getInitParameter("debug")));
@@ -221,7 +234,7 @@
             String remotehost = request.getRemoteAddr();
 
             if (remotehost != null) {
-                reqtrans.set("http_remotehost", remotehost);
+                reqtrans.set("http_remotehost", applyPrivacyNetmask(remotehost));
             }
 
             // get the cookie domain to use for this response, if any.
@@ -623,6 +636,48 @@
                 putMapEntry(map, key, value);
             }
         }
+    }
+
+    /**
+     * Convert a String representing an IP Address to an array of ints
+     *
+     * @param address the string representing the IP-address
+     */
+    private int[] IPStrToInts (String address) throws ServletException {
+	int[] pattern;
+	pattern = new int[4];
+	
+	StringTokenizer st = new StringTokenizer(address, ".");
+	if (st.countTokens() != 4) {
+	    throw new ServletException ("\"" + address +
+				"\" does not represent a valid IP address");
+	}
+	
+	for (int i = 0; i < 4; i++) {
+	    String next = st.nextToken();	    
+	    pattern[i] = Integer.parseInt(next);
+	}
+	return pattern;
+    }  
+
+    public String applyPrivacyNetmask(String address) throws ServletException {
+	int[] pattern = new int[4];
+	String ret = new String();
+	
+	StringTokenizer st = new StringTokenizer(address, ".");
+	
+	if (st.countTokens() != 4) {
+	    throw new ServletException("\"" + address +
+				"\" does not represent a valid IP address");
+	}
+	
+	for (int i = 0; i < 4; i++) {
+	    String next = st.nextToken();
+	    ret += (Integer.parseInt(next)) & ((byte) privacyNetmask[i]);
+	    if(i < 3)
+		ret +=".";
+	}
+	return ret;
     }
 
     /**